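import { defineEventHandler, createError } from 'h3'
import { getSubdomainFromRequest } from '~/server/utils/tenant'
import { getSessionToken } from '~/server/utils/session'

/**
 * Session check endpoint: resolves the caller's session token to a user by
 * asking the backend's `/api/auth/me`.
 *
 * Flow:
 *  1. Read the session token from the request; without one, answer 401.
 *  2. Forward the token to the backend as a Bearer credential, together with
 *     the tenant subdomain when one was resolved.
 *  3. Map the backend's answer: 401 becomes "Session expired", any other
 *     non-2xx status is passed through with a generic message, and a 2xx body
 *     is returned as `user`.
 *
 * @returns `{ authenticated: true, user }`, where `user` is the backend's JSON
 *   body passed through unmodified.
 * @throws H3 error 401 when no token is present or the backend rejects it.
 * @throws H3 error with the backend's status for any other non-2xx response.
 * @throws H3 error 500 when the call itself fails (network error, non-JSON body).
 */
export default defineEventHandler(async (event) => {
  const config = useRuntimeConfig()
  const subdomain = getSubdomainFromRequest(event)
  const token = getSessionToken(event)

  if (!token) {
    throw createError({
      statusCode: 401,
      statusMessage: 'Not authenticated',
    })
  }

  // `||` (not `??`) is deliberate: an empty-string backendUrl also falls back.
  // NOTE(review): when backendUrl is unset, the bearer token below is sent over
  // plain HTTP to whatever listens on localhost:3000. Production deployments
  // should set backendUrl explicitly rather than rely on this default.
  const backendUrl = config.backendUrl || 'http://localhost:3000'

  try {
    // Fetch current user from backend.
    // NOTE(review): no timeout or abort signal is passed, so a stalled backend
    // keeps this request open for as long as the runtime allows.
    const response = await fetch(`${backendUrl}/api/auth/me`, {
      method: 'GET',
      headers: {
        'Content-Type': 'application/json',
        'Authorization': `Bearer ${token}`,
        // The tenant hint comes from the incoming request, so it is
        // caller-influenced. Presumably the backend checks that the token
        // actually belongs to this tenant; verify against the backend.
        ...(subdomain && { 'x-tenant-subdomain': subdomain }),
      },
    })

    if (!response.ok) {
      if (response.status === 401) {
        throw createError({
          statusCode: 401,
          statusMessage: 'Session expired',
        })
      }

      // Only the status code is relayed; the backend's error body is not
      // forwarded to the client.
      throw createError({
        statusCode: response.status,
        statusMessage: 'Failed to fetch user',
      })
    }

    // The backend payload is handed to the client as-is.
    // NOTE(review): confirm /api/auth/me returns no fields the browser should
    // not see, since nothing is filtered here.
    const user = await response.json()

    return {
      authenticated: true,
      user,
    }
  } catch (error: unknown) {
    // Errors raised above via createError carry a statusCode and must reach the
    // client unchanged. The property is read defensively so that a thrown
    // null/undefined falls through to the generic 500 instead of raising a
    // TypeError inside this handler.
    const statusCode = (error as { statusCode?: unknown } | null | undefined)?.statusCode
    if (statusCode) {
      throw error
    }

    // Details stay in the server log; the client only sees the generic message.
    console.error('Auth check error:', error)
    throw createError({
      statusCode: 500,
      statusMessage: 'Failed to verify authentication',
    })
  }
})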