nanodrop/src/middleware/auth.ts

import type { FastifyRequest, FastifyReply } from 'fastify';

export async function requireAuth(request: FastifyRequest, reply: FastifyReply): Promise<void> {
  try {
    await request.jwtVerify();
  } catch {
    // API routes get 401, page routes get redirect
    const isApi = request.url.startsWith('/api/');
    if (isApi) {
      reply.status(401).send({ error: 'Unauthorized' });
    } else {
      reply.redirect('/');
    }
  }
}