lib/src/auth/middleware/AuthRequiredMiddleware.ts


import {Middleware} from '../../http/routing/Middleware'
import {Inject, Injectable} from '../../di'
import {SecurityContext} from '../context/SecurityContext'
import {ResponseObject} from '../../http/routing/Route'
import {error} from '../../http/response/ErrorResponseFactory'
import {NotAuthorizedError} from '../NotAuthorizedError'
import {HTTPStatus} from '../../util'
import {redirect} from '../../http/response/RedirectResponseFactory'
import {Routing} from '../../service/Routing'
import {Session} from '../../http/session/Session'
// TODO handle JSON and non-web
/**
 * Middleware that lets a request through only when the security context
 * reports a user.
 *
 * For a request without a user it records the requested URL in the session
 * and then either redirects to the named login route or, when that route is
 * not registered, answers with a NotAuthorizedError response.
 */
@Injectable()
export class AuthRequiredMiddleware extends Middleware {
    /** Security context asked whether the current request has a user. */
    @Inject()
    protected readonly security!: SecurityContext

    /** Routing service used to look up the named login route. */
    @Inject()
    protected readonly routing!: Routing

    /** Session that receives the URL the visitor was trying to reach. */
    @Inject()
    protected readonly session!: Session

    /**
     * Gate the current request on the presence of a user.
     *
     * @returns nothing when a user is present (presumably the pipeline then
     * continues; the caller is not visible here), otherwise a redirect to the
     * login route or an error response.
     */
    async apply(): Promise<ResponseObject> {
        if ( this.security.hasUser() ) {
            return
        }

        // The raw request URL is stored before the login route is checked, so it
        // is written for every unauthenticated request, whatever the method.
        // NOTE(review): whatever reads '@extollo:auth.intention' after login is
        // not visible here; it should accept the value as a redirect target only
        // if it resolves to a same-origin path, otherwise this becomes an open
        // redirect. Confirm against the consumer.
        this.session.set('@extollo:auth.intention', this.request.url)

        const loginRouteName = '@auth:login'
        if ( !this.routing.hasNamedRoute(loginRouteName) ) {
            // NOTE(review): a missing login is answered with FORBIDDEN (403);
            // 401 is the conventional status for "not authenticated". Confirm
            // that clients and monitoring can tell this case apart from a real
            // authorization denial.
            return error(new NotAuthorizedError(), HTTPStatus.FORBIDDEN)
        }

        return redirect(this.routing.getNamedPath(loginRouteName).toRemote)
    }
}