import { getSession } from './actions.js';
import { redirect } from 'next/navigation';

export async function protect({ redirectTo = '/auth/login' } = {}) {
  const session = await getSession();
  if (!session) redirect(redirectTo);
  return session;
}

export async function checkAuth() {
  return getSession();
}

export async function requireRole(allowedRoles = [], { redirectTo = '/auth/login', forbiddenRedirect = '/' } = {}) {
  const session = await getSession();
  if (!session) redirect(redirectTo);
  if (!allowedRoles.includes(session.user.role)) redirect(forbiddenRedirect);
  return session;
}