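import axios from 'axios';

/**
 * Security-headers smoke test.
 *
 * Sends one HEAD request to the target (CLI argument, then NEXT_PUBLIC_BASE_URL,
 * then a local dev default) and reports whether each header listed in
 * `requiredHeaders` is present on the response. A missing header exits
 * non-zero only when `CI` is set, so a local dev server that has not picked
 * up next.config.mjs yet does not hard-fail the script.
 *
 * NOTE(review): header names are matched exactly as axios delivers them
 * (lowercased under Node). Values are printed but not validated — a
 * present-but-weak CSP or an HSTS `max-age=0` still counts as a pass.
 */

/** Target to scan. `||` (not `??`) is deliberate so an empty env var falls through to the default. */
const targetUrl = process.argv[2] || process.env.NEXT_PUBLIC_BASE_URL || 'http://localhost:3000';

/**
 * Gatekeeper session value, sent as a cookie so the scan sees the real pages
 * rather than the gate. Read from the environment only: the previous
 * hard-coded fallback ('klz2026') committed a working credential to source
 * control and sent it to whatever URL was passed on the command line.
 * When unset, the scan runs without the cookie and says so.
 */
const gatekeeperPassword = process.env.GATEKEEPER_PASSWORD;

/** Response headers that must all be present for the scan to pass. */
const requiredHeaders = [
  'strict-transport-security',
  'x-frame-options',
  'x-content-type-options',
  'referrer-policy',
  'content-security-policy',
] as const;

/** Header values longer than this are truncated in the table (CSP can run to kilobytes). */
const VALUE_PREVIEW_LENGTH = 50;

/** One row of the console table. */
interface HeaderCheck {
  Header: string;
  Status: string;
  Value: string;
}

/** Coerce an axios header value (string, string[] or other) into something printable. */
function headerToString(value: unknown): string {
  return Array.isArray(value) ? value.join(', ') : String(value);
}

/** Shorten a header value for display, keeping the same 47-chars-plus-ellipsis shape as before. */
function preview(value: string): string {
  return value.length > VALUE_PREVIEW_LENGTH
    ? `${value.substring(0, VALUE_PREVIEW_LENGTH - 3)}...`
    : value;
}

/**
 * Check each required header against the response headers.
 *
 * @param headers - response header map as returned by axios (keys lowercased under Node)
 * @returns one table row per required header, plus whether every header was present
 */
function checkHeaders(headers: Record<string, unknown>): { results: HeaderCheck[]; allPassed: boolean } {
  let allPassed = true;
  const results = requiredHeaders.map((header) => {
    const raw = headers[header];
    // Truthiness check, as before: an empty header value is reported as missing.
    const present = Boolean(raw);
    if (!present) allPassed = false;
    return {
      Header: header,
      Status: present ? 'āœ… Present' : 'āŒ Missing',
      Value: present ? preview(headerToString(raw)) : 'N/A',
    };
  });
  return { results, allPassed };
}

/** Local targets for which sending the gatekeeper cookie over plain HTTP is acceptable. */
const LOCAL_HTTP_TARGET = /^http:\/\/(localhost|127\.0\.0\.1)(:|\/|$)/i;

/**
 * Entry point: scan `targetUrl` and exit with a status code.
 *
 * Exit codes: 0 when all headers are present (or missing outside CI),
 * 1 when headers are missing under CI or when the request itself fails.
 */
async function main(): Promise<void> {
  console.log(`\nšŸ›”ļø Starting Security Headers Scan for: ${targetUrl}\n`);

  const requestHeaders: Record<string, string> = {};
  if (gatekeeperPassword) {
    requestHeaders.Cookie = `klz_gatekeeper_session=${gatekeeperPassword}`;
    // The cookie is a credential; flag the case where it would go out in cleartext
    // to a non-local host (the URL is caller-controlled via argv).
    if (targetUrl.startsWith('http:') && !LOCAL_HTTP_TARGET.test(targetUrl)) {
      console.warn('Warning: sending the gatekeeper cookie over plaintext HTTP to a non-local host.');
    }
  } else {
    console.warn('Warning: GATEKEEPER_PASSWORD is not set; scanning without the gatekeeper cookie, so the gate page rather than the app may be what gets checked.');
  }

  try {
    // validateStatus accepts every status so a 401/403/302 from the gate is
    // still inspected instead of thrown.
    // NOTE(review): some servers attach different headers to HEAD than to GET;
    // if results look wrong, re-run the request with axios.get.
    const response = await axios.head(targetUrl, {
      headers: requestHeaders,
      validateStatus: () => true,
    });

    const { results, allPassed } = checkHeaders(response.headers);
    console.table(results);

    if (allPassed) {
      console.log(`\nāœ… All required security headers are correctly configured!\n`);
      process.exit(0);
    }

    console.log(`\nāŒ Missing critical security headers. Please update next.config.mjs!\n`);
    // Hard-fail only in CI; locally a missing header is informational.
    process.exit(process.env.CI ? 1 : 0);
  } catch (error: unknown) {
    const message = error instanceof Error ? error.message : String(error);
    console.error(`āŒ Failed to scan headers: ${message}`);
    process.exit(1);
  }
}

void main();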