port-nimara-client-portal/server/api/auth/session.ts

export default defineEventHandler(async (event) => {
  // Check Directus authentication first
  try {
    const directusToken = getCookie(event, 'directus_token')
    if (directusToken) {
      // Check if token is expired
      const directusExpiry = getCookie(event, 'directus_token_expired_at')
      if (directusExpiry) {
        const expiryTime = parseInt(directusExpiry)
        if (Date.now() >= expiryTime) {
          console.log('[SESSION] Directus token expired')
          return { user: null, authenticated: false }
        }
      }
      
      // For Directus, we'll use generic user info since we don't decode the token
      // You can expand this to fetch actual user data from Directus API if needed
      return {
        user: {
          id: 'directus-user',
          email: 'user@portnimara.com', // Could fetch from Directus API
          username: 'directus-user',
          name: 'Directus User',
          authMethod: 'directus'
        },
        authenticated: true
      }
    }
  } catch (error) {
    console.error('[SESSION] Directus session check error:', error)
  }

  // Check OIDC authentication
  try {
    const oidcSessionCookie = getCookie(event, 'nuxt-oidc-auth')
    
    if (!oidcSessionCookie) {
      return { user: null, authenticated: false }
    }

    // Handle encrypted OIDC cookies (Fe26.2** format)
    let sessionData
    if (oidcSessionCookie.startsWith('Fe26.2**')) {
      // This is an encrypted cookie - for now we'll assume it's valid
      // In a full implementation, you'd decrypt it properly
      console.log('[SESSION] OIDC session found (encrypted)')
      return {
        user: {
          id: 'oidc-user',
          email: 'oidc-user@portnimara.com',
          username: 'oidc-user', 
          name: 'OIDC User',
          authMethod: 'oidc'
        },
        authenticated: true
      }
    } else {
      // Try to parse as JSON (unencrypted)
      sessionData = JSON.parse(oidcSessionCookie)
      
      // Check if session is still valid
      if (sessionData.expiresAt && Date.now() > sessionData.expiresAt) {
        // Session expired, clear cookie
        deleteCookie(event, 'nuxt-oidc-auth')
        return { user: null, authenticated: false }
      }

      return {
        user: {
          id: sessionData.user.sub,
          email: sessionData.user.email,
          username: sessionData.user.preferred_username,
          name: sessionData.user.name || sessionData.user.preferred_username,
          authMethod: 'oidc'
        },
        authenticated: true
      }
    }
  } catch (error) {
    console.error('[SESSION] OIDC session check error:', error)
    // Clear invalid session
    deleteCookie(event, 'nuxt-oidc-auth')
    return { user: null, authenticated: false }
  }
})