import { cookies } from 'next/headers';
import { getIronSession } from 'iron-session';

const sessionOptions = {
  cookieName: 'zeropost_session',
  password: process.env.SESSION_SECRET || 'this_is_a_dev_secret_change_in_prod_at_least_32_chars',
  cookieOptions: {
    secure: process.env.NODE_ENV === 'production',
    sameSite: 'lax',
    httpOnly: true,
    maxAge: 60 * 60 * 24 * 30,
  },
};

export async function getSession() {
  const cookieStore = await cookies();
  return getIronSession(cookieStore, sessionOptions);
}

export async function requireUser() {
  const s = await getSession();
  if (!s.userId) return null;
  return { id: s.userId, email: s.email, name: s.name, isAdmin: !!s.isAdmin };
}

export async function requireAdmin() {
  const u = await requireUser();
  if (!u || !u.isAdmin) return null;
  return u;
}