import { UNAUTHORIZED_MESSAGE } from "#server/constants/auth";
import { isAllowlistedApiPath } from "#server/utils/auth-api-routes";
import { getCurrentUser } from "#server/utils/context";

export default eventHandler(async (event) => {
  const path = event.path;
  if (!path.startsWith("/api/")) {
    return;
  }
  // if (path.startsWith("/api/_nuxt_icon")) {
  //   return;
  // }

  if (isAllowlistedApiPath(path, event.method)) {
    return;
  }

  const user = await getCurrentUser(event);
  if (user) {
    return;
  }

  throw createError({
    statusCode: 401,
    statusMessage: UNAUTHORIZED_MESSAGE,
  });
});