export default defineNuxtRouteMiddleware(async (to, from) => {
  const config = useRuntimeConfig();
  const isComingSoonMode =
    config.public.comingSoon === "true" || config.public.comingSoon === true;

  // Only enforce coming soon mode if enabled
  if (!isComingSoonMode) {
    return;
  }

  // Allow access to the coming-soon page, OIDC login, and admin routes
  if (
    to.path === "/coming-soon" ||
    to.path === "/auth/wiki-login" ||
    to.path === "/auth/oidc-error" ||
    to.path === "/auth/logout-confirm" ||
    to.path === "/auth/logout-success" ||
    to.path === "/verify" ||
    to.path.startsWith("/admin")
  ) {
    return;
  }

  // Logged-in admins bypass coming-soon (and see the public site + their dashboard)
  try {
    const headers = import.meta.server ? useRequestHeaders(["cookie"]) : undefined;
    const member = await $fetch("/api/auth/member", { headers });
    if (member?.role === "admin") return;
  } catch {
    // Not authenticated — fall through to redirect
  }

  // Redirect all other routes to coming-soon
  return navigateTo("/coming-soon");
});