import type { H3Event } from 'h3'

/**
 * Resolves the authenticated user for the current request.
 *
 * Reads the session through `getUserSession(event)` and rejects the request
 * with a 401 error when the session carries no `user`.
 *
 * NOTE(review): the return type below is a compile-time assertion only. The
 * shape of `session.user` (including `role`) is not validated at runtime here,
 * so authorization decisions rely on whatever was written into the session at
 * login. Confirm that the session is refreshed or invalidated when a user's
 * role changes.
 *
 * @param event - The H3 event of the incoming request.
 * @returns The user object stored in the session.
 * @throws A 401 error built with `createError` when no user is in the session.
 */
export async function requireAuth(event: H3Event) {
  const currentSession = await getUserSession(event)
  const sessionUser = currentSession?.user
  if (sessionUser) {
    return sessionUser as {
      id: number
      email: string
      name: string
      role: string
      memberId?: number
    }
  }
  // No user in the session: treat the request as unauthenticated.
  throw createError({ statusCode: 401, statusMessage: 'Non authentifié' })
}

/**
 * Ensures the current request comes from an authenticated user whose role is
 * one of the allowed `roles`.
 *
 * Authentication is checked first through `requireAuth`, so an unauthenticated
 * request fails with 401 before any role comparison happens. The role match is
 * an exact string comparison. Calling this with no roles rejects every user
 * with 403, because an empty allow-list matches nothing.
 *
 * @param event - The H3 event of the incoming request.
 * @param roles - Allow-list of role names that may proceed.
 * @returns The authenticated user, when its role is in the allow-list.
 * @throws A 403 error built with `createError` when the role is not allowed.
 */
export async function requireRole(event: H3Event, ...roles: string[]) {
  const authenticated = await requireAuth(event)
  const permitted = roles.includes(authenticated.role)
  if (permitted) {
    return authenticated
  }
  // Authenticated, but the role is outside the allow-list.
  throw createError({ statusCode: 403, statusMessage: 'Accès refusé' })
}

/**
 * Tells whether a role name is exactly `'admin'` or `'referent'`.
 *
 * This is a pure predicate on a string: it performs no authentication and does
 * not reject a request by itself. The comparison is exact, so values that
 * differ in case or carry surrounding whitespace do not match.
 *
 * @param role - The role name to test.
 * @returns `true` for `'admin'` or `'referent'`, `false` otherwise.
 */
export function isAdminOrReferent(role: string) {
  return role === 'admin' || role === 'referent'
}
