import { NextResponse } from "next/server"
import type { NextRequest } from "next/server"

export function middleware(request: NextRequest) {
  const hasAccess = request.cookies.get("jefflix-access")?.value === "granted"

  if (!hasAccess) {
    return NextResponse.redirect(new URL("/gate", request.url))
  }

  // Rewrite music.jefflix.lol root to /music (URL stays clean)
  const host = request.headers.get("host") || ""
  if (host.startsWith("music.") && request.nextUrl.pathname === "/") {
    return NextResponse.rewrite(new URL("/music", request.url))
  }

  return NextResponse.next()
}

export const config = {
  matcher: [
    /*
     * Match all paths except:
     * - /gate (the code entry page)
     * - /api/verify-code (the verification endpoint)
     * - /_next (Next.js internals)
     * - /favicon.ico, /icon*, /apple-icon*, /og-image* (static assets)
     */
    "/((?!gate|api/verify-code|api/version|_next|favicon\\.ico|icon|apple-icon|og-image).*)",
  ],
}