export default defineNuxtRouteMiddleware(async (to) => {
  // Skip auth for SSR
  if (import.meta.server) return;

  // Check if auth is required (default true unless explicitly set to false)
  const isAuthRequired = to.meta.auth !== false;
  
  try {
    // Only use Directus auth for now (disable Keycloak temporarily)
    const { fetchUser, setUser } = useDirectusAuth();
    const directusUser = useDirectusUser();
    
    if (!directusUser.value) {
      try {
        const user = await fetchUser();
        setUser(user.value);
      } catch (error) {
        // Ignore directus auth errors for public pages
        if (!isAuthRequired) {
          return;
        }
      }
    }

    if (directusUser.value) {
      // User authenticated with Directus
      return;
    }

    // No authentication found
    if (isAuthRequired) {
      // Redirect to login page
      return navigateTo('/login');
    }
  } catch (error) {
    console.error('Auth middleware error:', error);
    if (isAuthRequired) {
      return navigateTo('/login');
    }
  }
});