import { NextRequest, NextResponse } from "next/server";

export async function middleware(request: NextRequest) {
  const { pathname } = request.nextUrl;

  // 只保护 /dashboard 路由
  if (!pathname.startsWith("/dashboard")) {
    return NextResponse.next();
  }

  // 检查 better-auth session cookie（cookie 前缀是 helios_auth）
  const sessionCookie =
    request.cookies.get("helios_auth.session_token") ??
    request.cookies.get("__Secure-helios_auth.session_token");

  if (!sessionCookie) {
    const loginUrl = new URL("/login", request.url);
    loginUrl.searchParams.set("from", pathname);
    return NextResponse.redirect(loginUrl);
  }

  return NextResponse.next();
}

export const config = {
  matcher: ["/dashboard/:path*"],
};