import Vapor

public struct RoleMiddleware<User: ManagedUser>: AsyncMiddleware {
    private let role: String

    public init (role: String) {
        self.role = role
    }

    public func respond (to request: Request, chainingTo next: any AsyncResponder) async throws -> Response {
        guard let user = request.auth.get (User.self),
              user.roles.contains (role) else {
            return request.redirect(to: try Environment.baseURL.absoluteString)
        }

        return try await next.respond (to: request)
    }
}

public struct RoleAPIMiddleware<User: ManagedUser>: AsyncMiddleware {
    private let role: String

    public init (role: String) {
        self.role = role
    }

    public func respond (to request: Request, chainingTo next: any AsyncResponder) async throws -> Response {
        let user = try request.auth.require (User.self)
        guard user.roles.contains (role) else {
            throw Abort (.forbidden)
        }

        return try await next.respond (to: request)
    }
}