import type { NextRequest } from 'next/server'

const LOCAL_HOST_RE = /^(localhost|127\.0\.0\.1)(:\d+)?$/i

function trimOrigin(value: string): string {
    return String(value ?? '').trim().replace(/\/$/, '')
}

/** 從環境變數讀取對外網域（build 時內嵌 NEXT_PUBLIC_*） */
export function getAppOriginFromEnv(): string {
    const raw =
        process.env.NEXT_PUBLIC_APP_ORIGIN ||
        process.env.APP_ORIGIN ||
        process.env.NEXT_PUBLIC_WHIP_PUBLISH_ORIGIN ||
        ''
    return trimOrigin(raw)
}

/** 從 proxy 轉發的 request headers 推斷對外 origin */
export function getAppOriginFromHeaders(
    headers: Headers | { get(name: string): string | null }
): string {
    const forwardedHost = headers.get('x-forwarded-host')
    const host = (forwardedHost?.split(',')[0] || headers.get('host') || '').trim()
    if (!host || LOCAL_HOST_RE.test(host)) return ''

    const forwardedProto = headers.get('x-forwarded-proto')?.split(',')[0]?.trim()
    const proto =
        forwardedProto ||
        (LOCAL_HOST_RE.test(host) ? 'http' : 'https')

    return `${proto}://${host}`
}

export function getAppOriginFromRequest(request: NextRequest): string {
    return getAppOriginFromEnv() || getAppOriginFromHeaders(request.headers)
}

/**
 * 登入頁完整 URL（避免反向代理下 redirect 變成 localhost:3000）
 */
export function buildLoginUrl(redirectPath: string, origin?: string): string {
    const base = trimOrigin(origin ?? '') || getAppOriginFromEnv()
    const search = `redirect=${encodeURIComponent(redirectPath)}`
    if (base) return `${base}/login?${search}`
    return `/login?${search}`
}

/**
 * 修正 nextUrl / request.url 在 GCP 上仍為 localhost 的情況
 */
export function resolvePublicOrigin(
    request: NextRequest,
    fallbackOrigin?: string
): string {
    const fromRequest = getAppOriginFromRequest(request)
    if (fromRequest) return fromRequest

    const fallback = trimOrigin(fallbackOrigin ?? request.nextUrl.origin)
    if (fallback && !LOCAL_HOST_RE.test(new URL(fallback).host)) {
        return fallback
    }

    return getAppOriginFromEnv()
}
