import { NextRequest, NextResponse } from "next/server";

export function middleware(request: NextRequest) {
  const { pathname } = request.nextUrl;

  // -------------------------
  // Admin Authentication
  // -------------------------

  if (pathname.startsWith("/admin")) {
    const adminToken = request.cookies.get("admin_token")?.value;

    const adminPublicRoutes = ["/admin/login"];

    if (!adminToken && !adminPublicRoutes.includes(pathname)) {
      return NextResponse.redirect(new URL("/admin/login", request.url));
    }

    if (adminToken && pathname === "/admin/login") {
      return NextResponse.redirect(new URL("/admin/dashboard", request.url));
    }
  }

  // -------------------------
  // Student Authentication
  // -------------------------

  if (pathname.startsWith("/student")) {
    const studentToken = request.cookies.get("student_token")?.value;

    const studentPublicRoutes = [
      "/student/login",
      "/student/register",
      "/student/verify-email",
      "/student/forgot-password",
      "/student/reset-password"
    ];

    // Always allow verify-email through, regardless of login state
    if (pathname === "/student/verify-email") {
      return NextResponse.next();
    }

    if (!studentToken && !studentPublicRoutes.includes(pathname)) {
      return NextResponse.redirect(new URL("/student/login", request.url));
    }

    if (
      studentToken &&
      (pathname === "/student/login" || pathname === "/student/register")
    ) {
      return NextResponse.redirect(new URL("/student/dashboard", request.url));
    }
  }

  return NextResponse.next();
}

export const config = {
  matcher: ["/admin/:path*", "/student/:path*"],
};