import {Middleware} from '../../http/routing/Middleware'
import {Inject, Injectable} from '../../di'
import {SecurityContext} from '../SecurityContext'
import {ResponseObject} from '../../http/routing/Route'
import {error} from '../../http/response/ErrorResponseFactory'
import {NotAuthorizedError} from '../NotAuthorizedError'
import {HTTPStatus} from '../../util'
import {redirect} from '../../http/response/RedirectResponseFactory'
import {Routing} from '../../service/Routing'
import {Session} from '../../http/session/Session'

@Injectable()
export class AuthRequiredMiddleware extends Middleware {
    @Inject()
    protected readonly security!: SecurityContext

    @Inject()
    protected readonly routing!: Routing

    @Inject()
    protected readonly session!: Session

    async apply(): Promise<ResponseObject> {
        if ( !this.security.hasUser() ) {
            this.session.set('auth.intention', this.request.url)

            if ( this.routing.hasNamedRoute('@auth.login') ) {
                return redirect(this.routing.getNamedPath('@auth.login').toRemote)
            } else {
                return error(new NotAuthorizedError(), HTTPStatus.FORBIDDEN)
            }
        }
    }
}