import { useProfileSession, usePermissions, useApi } from "#imports";

export default defineNuxtRouteMiddleware(async (to) => {
  const { ensureSession, activeProfile } = useProfileSession();
  await ensureSession();

  const rawPath = to?.path ?? "";
  const normalizedPath = rawPath.startsWith("/") ? rawPath : `/${rawPath}`;
  const fullPath = to?.fullPath ?? normalizedPath;
  const routeName = typeof to?.name === "string" ? to.name : "";
  const isProfilesRoute =
    normalizedPath.startsWith("/profiles") ||
    fullPath.startsWith("/profiles") ||
    routeName.startsWith("profiles");
  const isMaintenanceRoute = normalizedPath === "/maintenance";

  // Redirect to login if no active profile
  if (!activeProfile.value && !isProfilesRoute && !isMaintenanceRoute) {
    return navigateTo("/profiles");
  }

  // Permission checks
  if (activeProfile.value) {
    const { isAdmin } = usePermissions();

    // Admin-only routes
    if (normalizedPath.startsWith("/admin")) {
      if (!isAdmin.value) {
        return navigateTo("/");
      }
    }

    // Maintenance mode check for non-admin users
    if (!isAdmin.value && !isMaintenanceRoute && !isProfilesRoute) {
      const { apiCall } = useApi();
      const res = await apiCall<{ enabled: boolean }>('/maintenance/check');
      if (res.success && res.data?.enabled) {
        return navigateTo("/maintenance");
      }
    }
  }
});