import type { NextConfig } from "next";

import { nonCspSecurityHeaders } from "./src/lib/csp-config";

const lotteryApiProxyTarget =
  process.env.API_BASE_URL?.trim() || "http://127.0.0.1:8000";

const nextConfig: NextConfig = {
  allowedDevOrigins: ["192.168.0.101"],
  reactCompiler: true,

  // 非 CSP 安全头；CSP 由 middleware 按后台接入站点白名单动态生成。
  async headers() {
    return [
      {
        source: "/:path*",
        headers: nonCspSecurityHeaders,
      },
    ];
  },

  async rewrites() {
    return [
      {
        source: "/api/:path*",
        destination: `${lotteryApiProxyTarget}/api/:path*`,
      },
    ];
  },
};

export default nextConfig;