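import createMiddleware from 'next-intl/middleware';
import type { NextRequest } from 'next/server';

const i18nMiddleware = createMiddleware({
  locales: ['de', 'en'],
  defaultLocale: 'de',
  // Locale prefixes (`/de`, `/en`) are used on every route.
  localePrefix: 'always'
});

/**
 * Runs next-intl locale routing and then attaches security response headers
 * to whatever response the i18n middleware produced (page response or
 * redirect).
 *
 * Only requests selected by `config.matcher` below pass through this
 * function, so the headers set here are not applied to paths the matcher
 * excludes.
 *
 * @param request - Incoming request handed over by the Next.js middleware runtime.
 * @returns The next-intl response with the security headers added.
 */
export default function middleware(request: NextRequest) {
  // 1. i18n routing
  const response = i18nMiddleware(request);

  // 2. Add security headers
  const headers = response.headers;

  // Clickjacking: legacy header; `frame-ancestors 'self'` in the CSP below is
  // the modern equivalent and expresses the same policy.
  headers.set('X-Frame-Options', 'SAMEORIGIN');

  // The legacy XSS auditor is removed from current browsers, and in the old
  // browsers that still honour this header its filtering has itself been a
  // source of security problems. Explicitly disable it (OWASP Secure Headers
  // guidance) and rely on the CSP instead of '1; mode=block'.
  headers.set('X-XSS-Protection', '0');

  headers.set('X-Content-Type-Options', 'nosniff');
  headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');
  headers.set('Permissions-Policy', 'camera=(), microphone=(), geolocation=()');

  const csp = [
    "default-src 'self'",
    // NOTE(review): 'unsafe-inline' and 'unsafe-eval' mean this CSP gives
    // little protection against script injection. A per-request nonce (or
    // hashes) for inline scripts would allow dropping both; 'unsafe-eval' is
    // typically only needed in development builds - confirm and gate on
    // NODE_ENV if so.
    "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.elpatron.me",
    "style-src 'self' 'unsafe-inline'",
    "img-src 'self' data: blob:",
    "font-src 'self' data:",
    // NOTE(review): gotify.example.com is on a reserved documentation domain
    // and looks like a placeholder - replace it with the real host or remove
    // it so connect-src only lists origins that are actually used.
    "connect-src 'self' https://openrouter.ai https://gotify.example.com https://plausible.elpatron.me",
    "media-src 'self' blob:",
    "frame-ancestors 'self'",
    // NOTE(review): base-uri and form-action do not fall back to default-src
    // and are therefore unrestricted here; consider adding "base-uri 'self'",
    // "form-action 'self'" and "object-src 'none'" after checking that no
    // page depends on them.
  ].join('; ');

  headers.set('Content-Security-Policy', csp);

  return response;
}

export const config = {
  // Matcher recommended by the next-intl docs:
  // all routes except _next, API and static files.
  // NOTE(review): the negative lookahead skips every path that starts with
  // `api` or `_next` or that contains a dot anywhere, so responses for those
  // paths do not receive the headers above from this middleware. If API
  // routes should carry them, set them in the route handlers or via
  // `headers()` in next.config.
  matcher: ['/((?!api|_next|.*\\..*).*)']
};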