fix(api): add missing validateSessionRequest function for API v1 auth

The API v1 middleware needs this function to validate session-based authentication. This function extracts the session cookie, validates it with Lucia, and handles session refresh/cleanup.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: InfantLab

app/server/utils/auth.ts

@@ -1,3 +1,4 @@
+import type { H3Event } from "h3";
 import { Lucia } from "lucia";
 import { DrizzleSQLiteAdapter } from "@lucia-auth/adapter-drizzle";
 import { db } from "~/server/db";
@@ -40,3 +41,41 @@ declare module "h3" {
     session: import("lucia").Session | null;
   }
 }
+
+/**
+ * Validates a session from an HTTP request
+ * Returns the session and user if valid, or null if invalid/missing
+ */
+export async function validateSessionRequest(event: H3Event) {
+  const sessionId = getCookie(event, lucia.sessionCookieName) ?? null;
+
+  if (!sessionId) {
+    return { session: null, user: null };
+  }
+
+  const { session, user } = await lucia.validateSession(sessionId);
+
+  // Refresh session cookie if needed
+  if (session && session.fresh) {
+    const sessionCookie = lucia.createSessionCookie(session.id);
+    setCookie(
+      event,
+      sessionCookie.name,
+      sessionCookie.value,
+      sessionCookie.attributes,
+    );
+  }
+
+  // Clear expired session cookie
+  if (!session) {
+    const blankCookie = lucia.createBlankSessionCookie();
+    setCookie(
+      event,
+      blankCookie.name,
+      blankCookie.value,
+      blankCookie.attributes,
+    );
+  }
+
+  return { session, user };
+}