import DatabaseClientLive
import SharedModels
import Vapor

// TODO: Fix before production.

extension RoutesBuilder {

  // Used to ensure views are protected, redirects users to the login page if they're
  // not authenticated.
  var protected: any RoutesBuilder {
    // return self
    return grouped(
      UserPasswordAuthenticator(),
      UserSessionAuthenticator(),
      User.redirectMiddleware { req in
        "login?next=\(req.url)"
      }
    )
  }

  func apiUnprotected(route: PathComponent) -> any RoutesBuilder {
    grouped("api", "v1", route)
  }

  // Allows basic or token authentication for api routes and prefixes the
  // given route with "/api/v1".
  func apiProtected(route: PathComponent) -> any RoutesBuilder {
    return apiUnprotected(route: route)
    // let prefixed = grouped("api", "v1", route)
    // return prefixed.grouped(
    //   UserPasswordAuthenticator(),
    //   UserTokenAuthenticator(),
    //   User.guardMiddleware()
    // )
  }
}