import { NextRequest, NextResponse } from 'next/server'

export function middleware(request: NextRequest) {
  // Simple basic auth for dashboard protection
  const authHeader = request.headers.get('authorization')
  
  if (!authHeader) {
    return new NextResponse(null, {
      status: 401,
      headers: {
        'WWW-Authenticate': 'Basic realm="CHORUS Dashboard"',
      },
    })
  }
  
  const credentials = authHeader.split(' ')[1]
  const [username, password] = Buffer.from(credentials, 'base64').toString().split(':')
  
  // Simple hardcoded credentials - in production, use environment variables
  const validUsername = process.env.DASHBOARD_USERNAME || 'chorus'
  const validPassword = process.env.DASHBOARD_PASSWORD || 'services2025!'
  
  if (username !== validUsername || password !== validPassword) {
    return new NextResponse(null, {
      status: 401,
      headers: {
        'WWW-Authenticate': 'Basic realm="CHORUS Dashboard"',
      },
    })
  }
  
  return NextResponse.next()
}

export const config = {
  matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
}