lib/src/auth/middleware/GuestRequiredMiddleware.ts

import {Middleware} from '../../http/routing/Middleware'
import {Inject, Injectable} from '../../di'
import {SecurityContext} from '../context/SecurityContext'
import {ResponseObject} from '../../http/routing/Route'
import {error} from '../../http/response/ErrorResponseFactory'
import {NotAuthorizedError} from '../NotAuthorizedError'
import {HTTPStatus} from '../../util'
import {Routing} from '../../service/Routing'
import {redirect} from '../../http/response/RedirectResponseFactory'

// TODO handle JSON and non-web

@Injectable()
export class GuestRequiredMiddleware extends Middleware {
    @Inject()
    protected readonly security!: SecurityContext

    @Inject()
    protected readonly routing!: Routing

    async apply(): Promise<ResponseObject> {
        if ( this.security.hasUser() ) {
            if ( this.routing.hasNamedRoute('@auth.redirectFromGuest') ) {
                return redirect(this.routing.getNamedPath('@auth.redirectFromGuest').toRemote)
            } else {
                return error(new NotAuthorizedError(), HTTPStatus.FORBIDDEN)
            }
        }
    }
}