import { UNAUTHORIZED_MESSAGE } from "#server/constants/auth";
import { isAllowlistedApiPath } from "#server/utils/auth-api-routes";

export default eventHandler(async (event) => {
  const path = event.path;
  if (!path.startsWith("/api/")) {
    return;
  }
  if (path.startsWith("/api/_nuxt_icon")) {
    return;
  }

  if (isAllowlistedApiPath(path, event.method)) {
    return;
  }

  const user = await event.context.auth.getCurrent();
  if (user) {
    return;
  }

  throw createError({
    statusCode: 401,
    statusMessage: UNAUTHORIZED_MESSAGE,
  });
});