// import Fluent
// import Leaf
// import Vapor
//
// struct ViewController: RouteCollection {
//
//   private let api = ApiController()
//   private let employees = EmployeeViewController()
//   private let purchaseOrders = PurchaseOrderViewController()
//   private let users = UserViewController()
//   private let vendors = VendorViewController()
//
//   func boot(routes: any RoutesBuilder) throws {
//     let protected = routes.protected
//
//     // MARK: - Non-protected routes.
//
//     // routes.get(use: index(req:))
//     routes.get("login", use: getLogin(req:))
//     routes.post("login", use: postLogin(req:))
//
//     // MARK: Protected routes.
//
//     protected.get(use: home(req:))
//     protected.get("**", use: catchAll(req:))
//     protected.post("logout", use: logout(req:))
//     // protected.get("users", use: users(req:))
//     try routes.register(collection: employees)
//     try routes.register(collection: purchaseOrders)
//     try routes.register(collection: users)
//     try routes.register(collection: vendors)
//   }
//
//   @Sendable
//   func getLogin(req: Request) async throws -> View {
//     req.logger.debug("Login Query: \(req.url.query ?? "n/a")")
//     let params = try? req.query.decode(LoginParameter.self)
//     return try await req.view.render(
//       "login", UserFormCTX.signIn(next: params?.next)
//     )
//   }
//
//   @Sendable
//   func postLogin(req: Request) async throws -> Response {
//     let content = try req.content.decode(UserForm.self)
//     guard let user = try await User.query(on: req.db)
//       .filter(\.$username == content.username)
//       .first()
//     else {
//       throw Abort(.badRequest, reason: "User not found.")
//     }
//
//     guard try user.verify(password: content.password) else {
//       throw Abort(.unauthorized, reason: "Invalid password.")
//     }
//     req.auth.login(user)
//
//     req.logger.debug("User logged in: \(user.toDTO())")
//     return try await home(req: req)
//   }
//
//   @Sendable
//   func logout(req: Request) async throws -> View {
//     req.auth.logout(User.self)
//     return try await req.view.render("login")
//   }
//
//   @Sendable
//   func home(req: Request) async throws -> Response {
//     if let loginParams = try? req.query.decode(LoginParameter.self) {
//       return req.redirect(to: loginParams.next)
//     }
//     return try await req.view.render("home").encodeResponse(for: req)
//   }
//
//   @Sendable
//   func catchAll(req: Request) async throws -> View {
//     var route: HomeRoute?
//
//     if let loginParams = try? req.query.decode(LoginParameter.self),
//        let next = loginParams.next.split(separator: "/").last
//     {
//       route = HomeRoute(rawValue: String(next))
//     } else if let routeString = req.parameters.getCatchall().last {
//       route = HomeRoute(rawValue: routeString)
//     }
//
//     return try await req.view.render("home", HomeCTX(route: route))
//   }
//
// }
//
// private struct UserForm: Content {
//   let username: String
//   let password: String
// }
//
// enum HomeRoute: String, Content {
//   case employees
//   case purchaseOrders
//   case users
//   case vendors
// }
//
// struct HomeCTX: Content {
//   let route: HomeRoute?
// }
//
// struct LoginParameter: Content {
//   let next: String
// }