import Vapor

extension RoutesBuilder {

  // Used to ensure views are protected, redirects users to the login page if they're
  // not authenticated.
  var protected: any RoutesBuilder {
    grouped(
      User.credentialsAuthenticator(),
      User.redirectMiddleware { req in
        "login?next=\(req.url)"
      }
    )
  }

  func apiUnprotected(route: PathComponent) -> any RoutesBuilder {
    grouped("api", "v1", route)
  }

  // Allows basic or token authentication for api routes and prefixes the
  // given route with "/api/v1".
  func apiProtected(route: PathComponent) -> any RoutesBuilder {
    let prefixed = grouped("api", "v1", route)
    return prefixed.grouped(
      User.authenticator(),
      UserToken.authenticator(),
      User.guardMiddleware()
    )
  }
}