Scrum4Me/lib/auth-guard.ts

import { redirect } from 'next/navigation'
import { getSession } from '@/lib/auth'
import { isPairedSessionExpired } from '@/lib/auth/pairing'

/**
 * Layout-side auth guard. Returns the session when valid; otherwise redirects
 * to /login (and destroys an expired paired-session first).
 *
 * Used by both `app/(app)/layout.tsx` (desktop) and `app/(mobile)/layout.tsx`.
 */
export async function requireSession() {
  const session = await getSession()

  if (!session.userId) {
    redirect('/login')
  }

  if (isPairedSessionExpired(session)) {
    await session.destroy()
    redirect('/login')
  }

  return session
}

export async function requireAdmin() {
  const session = await getSession()
  if (!session.userId || !session.isAdmin) {
    redirect('/dashboard')
  }
  return session
}