import { NextResponse, NextRequest } from "next/server";

const protectedApi = [
  /^\/api\/posts\/[^/]+\/pin$/,
  /^\/api\/posts\/[^/]+\/approve$/,
];

export function middleware(req: NextRequest) {
  const { pathname } = req.nextUrl;
  const needAuth = protectedApi.some((re) => re.test(pathname));
  if (!needAuth) return NextResponse.next();
  const uid = req.cookies.get("uid")?.value;
  if (!uid) return new NextResponse(JSON.stringify({ error: "Unauthorized" }), { status: 401 });
  return NextResponse.next();
}

export const config = {
  matcher: ["/api/:path*"],
};