export default defineEventHandler((event) => {
  const config = useRuntimeConfig()

  if (!config.adminSecret) {
    throw createError({ statusCode: 503, statusMessage: 'Admin not configured' })
  }

  const token = getAdminToken(event)
  if (!token) {
    throw createError({ statusCode: 401, statusMessage: 'Not authenticated' })
  }

  const payload = verifyToken(token, config.adminSecret)
  if (!payload) {
    clearAdminCookie(event)
    throw createError({ statusCode: 401, statusMessage: 'Invalid or expired token' })
  }

  return { authenticated: true }
})