// Mount the nuxt-oidc-auth session store on Redis when configured.
//
// The module persists sessions via useStorage('oidc'); the default mount is
// per-pod memory, which 401s every request that lands on a replica that
// didn't mint the session AND drops all sessions on each deploy. Mounting at
// runtime (instead of nitro.storage in nuxt.config) keeps the Redis URL out
// of the build — same reason the OIDC provider config is env-driven.
//
// SESSION_REDIS_URL is set in production (fleet/apps/operator.yaml, value in
// operator-secrets). Unset in dev → in-memory mount stays, no Redis needed.
import redisDriver from 'unstorage/drivers/redis'

export default defineNitroPlugin(() => {
  const url = process.env.SESSION_REDIS_URL
  if (!url) return
  useStorage().mount(
    'oidc',
    redisDriver({
      url,
      base: 'oidc:operator',
      // Safety net against orphaned sessions accumulating forever; well above
      // any real session lifetime.
      ttl: 60 * 60 * 24 * 14,
    }),
  )
})