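import { posix as posixPath } from 'node:path'
import { defineConfig } from 'vite'
import type { Plugin, ViteDevServer } from 'vite'
import react from '@vitejs/plugin-react'

// Files that must never be served, compared against the canonical request path.
const BLOCKED_FILES = ['/config.json', '/config.example.json', '/.env']

// Directory prefixes that must never be served.
const BLOCKED_PATH_PREFIXES = ['/server/', '/.git/']

/**
 * Reduce a raw request URL to the canonical, lower-cased path used for the
 * deny-list comparison.
 *
 * The raw `req.url` still carries the query string and any percent-encoding,
 * and may contain `.`/`..` segments, repeated slashes or backslashes. Comparing
 * it verbatim lets a request for the same file slip past an exact-match check,
 * so the path is canonicalized first.
 */
function toCanonicalPath(rawUrl: string): string {
  // Drop the query string and fragment; only the path selects the file.
  const pathOnly = rawUrl.split(/[?#]/, 1)[0] ?? ''

  let decoded = pathOnly
  try {
    decoded = decodeURIComponent(pathOnly)
  } catch {
    // Malformed percent-encoding: fall back to comparing the undecoded path.
  }

  // Resolve dot segments and collapse duplicate separators.
  const normalized = posixPath.normalize('/' + decoded.replace(/\\/g, '/'))

  // Lower-case so the check also holds on case-insensitive file systems.
  return normalized.toLowerCase()
}

/**
 * Decide whether a request URL targets one of the protected files or
 * directories.
 *
 * @param rawUrl - The request URL exactly as received.
 * @returns `true` when the request must be rejected.
 */
function isSensitivePath(rawUrl: string): boolean {
  const canonical = toCanonicalPath(rawUrl)
  // A trailing slash must not turn "/.env/" into a different resource.
  const asFile = canonical.length > 1 ? canonical.replace(/\/+$/, '') : canonical

  return (
    BLOCKED_FILES.includes(asFile) ||
    // Mode-specific and local env files (.env.local, .env.production, ...).
    asFile.startsWith('/.env.') ||
    BLOCKED_PATH_PREFIXES.some((prefix) => canonical.startsWith(prefix))
  )
}

/**
 * Dev-server middleware that answers 403 for requests to sensitive files.
 *
 * This is defence in depth only: `configureServer` applies to the Vite dev
 * server, not to a production deployment, and it only sees root-relative
 * paths.
 * NOTE(review): paths reached through Vite's `/@fs/` route are governed by
 * `server.fs` settings rather than this list - confirm those cover the same
 * files.
 */
const securityPlugin = (): Plugin => ({
  name: 'security-plugin',
  configureServer(server: ViteDevServer) {
    server.middlewares.use((req, res, next) => {
      if (!isSensitivePath(req.url ?? '')) {
        next()
        return
      }

      // X-Forwarded-For is supplied by the client unless a trusted proxy
      // overwrites it, so the socket address is logged as the source and the
      // header is reported separately as unverified.
      const forwardedFor = req.headers['x-forwarded-for'] ?? 'none'
      console.warn(
        `🚫 Blocked access to sensitive file: ${req.url} from ${req.socket.remoteAddress} (x-forwarded-for, unverified: ${forwardedFor})`
      )

      res.statusCode = 403
      res.setHeader('Content-Type', 'application/json')
      res.end(
        JSON.stringify({
          error: 'Access denied',
          message: 'This resource is not available'
        })
      )
    })
  }
})

export default defineConfig({
  plugins: [react(), securityPlugin()],
  publicDir: 'public',
  server: {
    // Listens on every interface, so the dev server is reachable from the
    // network. `allowedHosts` only restricts the Host header, not who can connect.
    host: '0.0.0.0',
    port: 3000,
    allowedHosts: ['radar.roo.lol', 'zendo.brechtel', '100.73.14.1'],
    proxy: {
      '/api': 'http://localhost:3001'
    }
  },
  build: {
    rollupOptions: {
      // Keeps imports of these exact ids out of the bundle. This does not stop
      // a copy placed under `public/` from being copied into the build output.
      external: (id) =>
        id === 'config.json' || id === '.env' || id === 'config.example.json'
    }
  }
})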