import type { MiddlewareHandler } from 'hono';
import { isAuthEnabled } from '../config.js';
import { validateSession } from './sessionStore.js';

export const authMiddleware: MiddlewareHandler = async (c, next) => {
  if (!isAuthEnabled()) {
    return next();
  }

  // Skip auth for auth routes themselves
  const path = new URL(c.req.url).pathname;
  if (path.startsWith('/api/auth')) {
    return next();
  }

  const header = c.req.header('Authorization');
  const token = header?.startsWith('Bearer ') ? header.slice(7) : null;

  if (!token || !validateSession(token)) {
    return c.json({ error: 'Unauthorized' }, 401);
  }

  return next();
};