function requireAuth(req, res, next) {
  const userCookie = req.cookies.emby_user;
  if (!userCookie) {
    return res.status(401).json({ error: 'Not authenticated' });
  }
  try {
    req.user = JSON.parse(userCookie);
  } catch {
    return res.status(401).json({ error: 'Invalid session' });
  }
  next();
}

module.exports = requireAuth;