import { recordEvent, getSetting } from './lib/store.js';
import { createHash } from 'node:crypto';

const USER = process.env.ADMIN_USER || 'admin';
const PASS = process.env.ADMIN_PASS || 'admin';

const SKIP = ['/api/', '/uploads/', '/_astro', '/favicon', '/_image', '/robots.txt'];

function sessionHash(request) {
  const ua = request.headers.get('user-agent') || '';
  const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'local';
  const day = new Date().toISOString().slice(0, 10);
  return createHash('sha256').update(ip + ua + day).digest('hex').slice(0, 16);
}

export function onRequest({ request }, next) {
  const url = new URL(request.url);
  const path = url.pathname;

  // --- Admin Basic-Auth ---
  if (path.startsWith('/admin')) {
    const hdr = request.headers.get('authorization') || '';
    if (hdr.startsWith('Basic ')) {
      let dec = ''; try { dec = atob(hdr.slice(6)); } catch {}
      const i = dec.indexOf(':');
      if (i > -1 && dec.slice(0, i) === USER && dec.slice(i + 1) === PASS) return next();
    }
    const shop = getSetting('shop_name', 'hd-commerce');
    return new Response('Authentifizierung erforderlich', {
      status: 401,
      headers: { 'WWW-Authenticate': `Basic realm="${shop} Admin", charset="UTF-8"` },
    });
  }

  // --- First-Party Pageview-Tracking (nur Storefront-GET-Seiten) ---
  if (request.method === 'GET' && !SKIP.some(s => path.startsWith(s))) {
    try {
      recordEvent({
        type: 'pageview', path,
        referrer: request.headers.get('referer') || '',
        utm_source: url.searchParams.get('utm_source') || '',
        utm_medium: url.searchParams.get('utm_medium') || '',
        utm_campaign: url.searchParams.get('utm_campaign') || '',
        session: sessionHash(request),
      });
    } catch {}
  }

  return next();
}