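import type { NextConfig } from "next";

/** A single response header as Next.js expects it in `headers()`. */
type HeaderEntry = { key: string; value: string };

/**
 * Decide whether the deployment is the public production site.
 *
 * Production is recognised by the public app URL containing the
 * production domain and *not* the word "staging"; a missing URL is
 * treated as non-production so that previews default to `noindex`.
 *
 * @param url - value of `NEXT_PUBLIC_APP_URL`, possibly unset
 * @returns `true` only for the production domain outside staging
 */
function isProductionAppUrl(url: string | undefined): boolean {
  if (url === undefined) {
    return false;
  }
  return url.includes("trptk.com") && !url.includes("staging");
}

const isProduction = isProductionAppUrl(process.env.NEXT_PUBLIC_APP_URL);

/**
 * Content-Security-Policy directives, one per entry, joined with "; ".
 *
 * `'unsafe-inline'` in script-src is a known weakening of the XSS protection
 * CSP offers; Next.js inline scripts make it hard to remove without nonces.
 * `base-uri` is NOT covered by `default-src`, so it is listed explicitly to
 * stop `<base>` injection from redirecting relative script/link URLs.
 */
const contentSecurityPolicy = [
  "default-src 'self'",
  "base-uri 'self'",
  "script-src 'self' 'unsafe-inline'",
  "style-src 'self' 'unsafe-inline'",
  "img-src 'self' https://cdn.sanity.io data:",
  "font-src 'self'",
  "connect-src 'self' https://*.sanity.io",
  "media-src 'self' https://cdn.sanity.io",
  "frame-src 'self' https://*.mollie.com https://www.youtube-nocookie.com",
  "frame-ancestors 'none'",
].join("; ");

/** Hardening headers applied to every response. */
const securityHeaders: HeaderEntry[] = [
  { key: "X-Content-Type-Options", value: "nosniff" },
  // Mirrors `frame-ancestors 'none'` for clients without CSP support.
  { key: "X-Frame-Options", value: "DENY" },
  // The legacy XSS auditor is deprecated and could itself be abused for
  // cross-site information leaks; with a CSP in place, "0" disables it.
  { key: "X-XSS-Protection", value: "0" },
  { key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
  { key: "Permissions-Policy", value: "camera=(), microphone=(), geolocation=()" },
  // Two-year HSTS with preload; only served meaningfully over HTTPS.
  { key: "Strict-Transport-Security", value: "max-age=63072000; includeSubDomains; preload" },
  { key: "Content-Security-Policy", value: contentSecurityPolicy },
];

const nextConfig: NextConfig = {
  output: "standalone",
  images: {
    remotePatterns: [
      {
        protocol: "https",
        hostname: "cdn.sanity.io",
      },
    ],
    loader: "custom",
    loaderFile: "./lib/sanityImageLoader.ts",
  },
  /**
   * Response headers by route.
   *
   * Non-production deployments additionally get `X-Robots-Tag: noindex`
   * so previews and staging never end up in search results.
   */
  async headers() {
    const robotsHeaders: HeaderEntry[] = isProduction
      ? []
      : [{ key: "X-Robots-Tag", value: "noindex, nofollow" }];

    return [
      {
        source: "/(.*)",
        headers: [...securityHeaders, ...robotsHeaders],
      },
      {
        // Authenticated account responses must never be cached by
        // browsers or shared caches.
        source: "/api/account/:path*",
        headers: [
          ...securityHeaders,
          { key: "Cache-Control", value: "no-store, max-age=0" },
        ],
      },
    ];
  },
};

export default nextConfig;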