import { Request, Response, NextFunction, Router, Express } from "express";
import userGuard from "./user-guard";
import { MetadataRouter } from "@dunemask/vix/express";
import { Policy } from "@lib/Policies";
import { AuthErrors } from "@lib/vix/ClientErrors";
import { UserRequest } from "@lib/types/ApiRequests";

/**
 * Builds a router that only lets a request through when its user holds the
 * required policies.
 *
 * The returned router runs `userGuard()` first and the policy check second,
 * and is tagged with `routeMetadata = { authType: "policy" }`.
 *
 * @param requiredPolicies - Policies handed to `Policy.multiAuthorizedTo`
 *   together with the policies found on the request.
 * @returns A `MetadataRouter` (created with `mergeParams: true`) to mount in
 *   front of the protected routes.
 */
export default function policyMiddlewareGuard(requiredPolicies: Policy[]) {
  const guardRouter: MetadataRouter = Router({ mergeParams: true });

  /**
   * Rejects the request unless it carries a user and policies that satisfy
   * `requiredPolicies`; `next()` is only reached after every check passed.
   *
   * @throws AuthErrors.UnauthorizedRequest when `user` or `policies` is
   *   missing on the request.
   * @throws AuthErrors.ForbiddenPermissions when `Policy.multiAuthorizedTo`
   *   returns a falsy value.
   */
  async function policyAuthMiddleware(req: Request, res: Response, next: NextFunction) {
    // The cast is not a runtime check: `user` and `policies` are whatever an
    // earlier middleware put on the request (presumably userGuard — confirm).
    const authedRequest = req as UserRequest;
    const currentUser = authedRequest.user;
    const grantedPolicies = authedRequest.policies;

    // NOTE(review): these throws happen inside an async handler. Express 5
    // forwards the rejected promise to the error handler; Express 4 does not
    // unless an async wrapper is installed, and the request would then hang
    // with an unhandled rejection. Confirm which applies to this project.
    if (!currentUser || !grantedPolicies) throw AuthErrors.UnauthorizedRequest;

    // NOTE(review): what an empty `requiredPolicies` array yields depends on
    // Policy.multiAuthorizedTo, which is not visible here — confirm it does
    // not turn this guard into an allow-all.
    const isAuthorized = Policy.multiAuthorizedTo(grantedPolicies, requiredPolicies);
    if (!isAuthorized) throw AuthErrors.ForbiddenPermissions;

    // Only relevant when the function is called without a `next` callback;
    // the checks above have already passed at this point.
    if (!next) return res.sendStatus(200);
    next();
  }

  guardRouter.routeMetadata = { authType: "policy" };
  // Order matters: userGuard() runs before the policy check that reads
  // `user` and `policies` from the request.
  guardRouter.use([userGuard(), policyAuthMiddleware]);
  return guardRouter;
}