import { NextResponse } from "next/server"
import type { NextRequest } from "next/server"

// Routes that require authentication
const protectedPaths = ["/dashboard", "/historik", "/admin"]

export function middleware(request: NextRequest) {
  const { pathname } = request.nextUrl

  // Check if path requires authentication
  const isProtectedPath = protectedPaths.some((path) => pathname.startsWith(path))

  if (!isProtectedPath) {
    return NextResponse.next()
  }

  // Check for session cookie
  const sessionCookie = request.cookies.get("session")

  if (!sessionCookie?.value) {
    // Redirect to login
    const loginUrl = new URL("/login", request.url)
    loginUrl.searchParams.set("redirect", pathname)
    return NextResponse.redirect(loginUrl)
  }

  // Cookie exists - let the page validate the session
  // (Session validation happens server-side in the page)
  return NextResponse.next()
}

export const config = {
  matcher: ["/dashboard/:path*", "/historik/:path*", "/admin/:path*"],
}