corrad-af-2024/server/api/auth/validate.js

// Validate current authentication status
export default defineEventHandler(async (event) => {
  const config = useRuntimeConfig();
  
  try {
    const authToken = getCookie(event, 'auth_token');
    
    if (!authToken) {
      return {
        statusCode: 401,
        message: "Not authenticated - no token found"
      };
    }

    // Verify token with Authentik
    const userInfo = await $fetch(`${config.public.authentikUrl}/application/o/userinfo/`, {
      headers: {
        'Authorization': `Bearer ${authToken}`
      }
    });

    if (!userInfo) {
      return {
        statusCode: 401,
        message: "Invalid token"
      };
    }

    return {
      statusCode: 200,
      message: "Authorized",
      user: userInfo
    };
  } catch (error) {
    console.error('Token validation error:', error);
    return {
      statusCode: 401,
      message: "Unauthorized - token validation failed"
    };
  }
});