import { getServerSession } from "next-auth";
import { NextResponse } from "next/server";
import { authOptions } from "./auth";

/**
 * Builds the "request rejected" result returned by {@link requireSession}:
 * no session plus a JSON error response with the given HTTP status.
 */
function deny(error: string, status: number) {
  return { session: null, response: NextResponse.json({ error }, { status }) };
}

/**
 * Resolves the current server session and applies the account gates.
 *
 * @returns `{ session, response: null }` when every gate passes, otherwise
 * `{ session: null, response }` where `response` is a ready-made 401/403 JSON
 * reply. Callers have to check `response` and return it themselves; this
 * function does not throw or short-circuit the request on its own.
 */
export async function requireSession() {
  const session = await getServerSession(authOptions);

  // No session, or a session without an e-mail address, is treated as unauthenticated.
  if (!session?.user?.email) {
    return deny("Unauthorized", 401);
  }

  const { user } = session;

  // Account not activated ("Account nicht freigeschaltet.").
  // NOTE(review): this gate only fires when `status` is set to something other
  // than "ACTIVE". A session whose `status` is missing or empty passes. Confirm
  // that authOptions always populates `status`; if it does, an explicit
  // `status !== "ACTIVE"` check would fail closed instead.
  if (user.status && user.status !== "ACTIVE") {
    return deny("Account nicht freigeschaltet.", 403);
  }

  // E-mail not verified ("E-Mail nicht verifiziert.").
  // NOTE(review): only the literal `false` is rejected; an absent `emailVerified`
  // is accepted. Verify that this matches how the field is filled in.
  if (user.emailVerified === false) {
    return deny("E-Mail nicht verifiziert.", 403);
  }

  return { session, response: null };
}

/**
 * True when the session's role is "ADMIN" or "SUPERADMIN".
 *
 * The role is read from the session object exactly as passed in. Whether it
 * reflects the user's current role depends on how the session is built, which
 * is not visible in this file.
 */
export function isAdminSession(session: { user?: { role?: string } } | null) {
  const role = session?.user?.role;
  return role === "ADMIN" || role === "SUPERADMIN";
}

/** True only when the session's role is exactly "SUPERADMIN". */
export function isSuperAdminSession(session: { user?: { role?: string } } | null) {
  const role = session?.user?.role;
  return role === "SUPERADMIN";
}