import { withAuth } from "next-auth/middleware";
import { NextResponse } from "next/server";

export default withAuth(
  function middleware(req) {
    return NextResponse.next();
  },
  {
    callbacks: {
      authorized: ({ token, req }) => {
        // Allow access to public paths
        if (
          req.nextUrl.pathname === "/" ||
          req.nextUrl.pathname === "/signin" ||
          req.nextUrl.pathname.startsWith("/_next") ||
          req.nextUrl.pathname.startsWith("/api/auth") ||
          req.nextUrl.pathname.startsWith("/public")
        ) {
          return true;
        }
        
        // For API routes, check if the request is for mail or other protected endpoints
        if (req.nextUrl.pathname.startsWith('/api/')) {
          // Allow access to public API endpoints
          if (
            req.nextUrl.pathname.startsWith('/api/auth') ||
            req.nextUrl.pathname.startsWith('/api/news')
          ) {
            return true;
          }
          
          // Require authentication for protected API endpoints
          return !!token;
        }
        
        // For all other routes, require a valid token
        return !!token;
      },
    },
    pages: {
      signIn: "/signin",
    },
  }
);

export const config = {
  matcher: [
    /*
     * Match all request paths except for the ones starting with:
     * - api/auth (auth endpoints)
     * - _next/static (static files)
     * - _next/image (image optimization files)
     * - favicon.ico (favicon file)
     * - public folder
     */
    "/((?!api/auth|_next/static|_next/image|favicon.ico|public).*)",
  ],
};