// Route guard: bootstraps the session (server -> client cookie roundtrip,
// then optional /auth/refresh), and redirects to /login if no session.
//
// Skip on SSR: auth state lives entirely in the browser. Dashboard pages
// render their own client-side loading state while we resolve.

export default defineNuxtRouteMiddleware(async (to) => {
  if (import.meta.server) return
  const auth = useAuth()
  const ok = await auth.bootstrap()
  if (!ok) {
    return navigateTo({ path: '/login', query: { redirect: to.fullPath } })
  }
})