export default defineNuxtRouteMiddleware((to) => {
  const { loggedIn, session } = useUserSession();
  const hasRole = (role: string) => session.value?.user?.roles?.includes(role) || false;
  if (!loggedIn.value) {
    return navigateTo(`/connexion?redirect=${encodeURIComponent(to.fullPath)}`);
  }
  if (!to.meta.role) {
    throw createError({ statusCode: 500, statusMessage: "Erreur serveur", message: "Le paramètre 'role' est requis (hasRole)." });
  }
  if (!hasRole(to.meta.role)) {
    throw createError({ statusCode: 403, statusMessage: "Accès refusé", message: `Le rôle '${to.meta.role}' est requis.` });
  }
});

declare module "#app" {
  interface PageMeta {
    role?: string;
  }
}