export default defineEventHandler(async (event) => {
  console.log('[SESSION] Checking authentication session...')

  // Check OIDC/Keycloak authentication only
  try {
    const oidcSessionCookie = getCookie(event, 'nuxt-oidc-auth')
    
    if (!oidcSessionCookie) {
      console.log('[SESSION] No OIDC session cookie found')
      return { user: null, authenticated: false }
    }

    console.log('[SESSION] OIDC session cookie found, parsing...')

    let sessionData
    try {
      // Parse the session data
      sessionData = JSON.parse(oidcSessionCookie)
      console.log('[SESSION] Session data parsed successfully:', {
        hasUser: !!sessionData.user,
        hasAccessToken: !!sessionData.accessToken,
        expiresAt: sessionData.expiresAt,
        createdAt: sessionData.createdAt,
        timeUntilExpiry: sessionData.expiresAt ? sessionData.expiresAt - Date.now() : 'unknown'
      })
    } catch (parseError) {
      console.error('[SESSION] Failed to parse session cookie:', parseError)
      // Clear invalid session
      deleteCookie(event, 'nuxt-oidc-auth', {
        domain: '.portnimara.dev',
        path: '/'
      })
      return { user: null, authenticated: false }
    }

    // Validate session structure
    if (!sessionData.user || !sessionData.accessToken) {
      console.error('[SESSION] Invalid session structure:', {
        hasUser: !!sessionData.user,
        hasAccessToken: !!sessionData.accessToken
      })
      deleteCookie(event, 'nuxt-oidc-auth', {
        domain: '.portnimara.dev',
        path: '/'
      })
      return { user: null, authenticated: false }
    }

    // Check if session is still valid
    if (sessionData.expiresAt && Date.now() > sessionData.expiresAt) {
      console.log('[SESSION] Session expired:', {
        expiresAt: sessionData.expiresAt,
        currentTime: Date.now(),
        expiredSince: Date.now() - sessionData.expiresAt
      })
      // Session expired, clear cookie
      deleteCookie(event, 'nuxt-oidc-auth', {
        domain: '.portnimara.dev',
        path: '/'
      })
      return { user: null, authenticated: false }
    }

    console.log('[SESSION] Valid session found for user:', {
      id: sessionData.user.id,
      email: sessionData.user.email,
      username: sessionData.user.username
    })

    return {
      user: {
        id: sessionData.user.id,
        email: sessionData.user.email,
        username: sessionData.user.username,
        name: sessionData.user.name,
        authMethod: sessionData.user.authMethod || 'keycloak'
      },
      authenticated: true
    }
  } catch (error) {
    console.error('[SESSION] OIDC session check error:', error)
    // Clear invalid session
    deleteCookie(event, 'nuxt-oidc-auth', {
      domain: '.portnimara.dev',
      path: '/'
    })
    return { user: null, authenticated: false }
  }
})