import { decryptToken } from '$lib/auth';
import type { Handle } from '@sveltejs/kit';
import { ROUTE_NAMES } from './routes';


export const handle: Handle = async ({ event, resolve }) => {
	const jwt = event.cookies.get('session');
	try {
		if (jwt) {
			event.locals.user = decryptToken(jwt);
			return resolve(event);
		}
	} catch (_) {
		event.cookies.delete('session', {path: ROUTE_NAMES.ROOT});
		event.locals.user = null;
	}

	if (event.url.pathname.startsWith('/api')) {
		if (!event.locals.user) {
			return new Response(JSON.stringify({ error: 'Unauthorized' }), {
				status: 401,
				headers: { 'Content-Type': 'application/json' }
			});
		}
	}

	return await resolve(event);
}