vapor-po/Sources/App/Controllers/ViewController.swift

import Fluent
import Leaf
import Vapor

struct ViewController: RouteCollection {

  private let api = ApiController()

  func boot(routes: any RoutesBuilder) throws {
    let protected = routes.protected
    let login = routes.grouped("login")

    // MARK: - Non-protected routes.

    routes.get(use: index(req:))
    login.get(use: getLogin(req:))
    login.post(use: postLogin(req:))
    routes.post("logout", use: logout(req:))

    // MARK: Protected routes.

    protected.get("home", use: home(req:))
    protected.get("users", use: users(req:))

    try routes.register(collection: EmployeeViewController())
  }

  @Sendable
  func index(req: Request) async throws -> View {
    try await req.view.render("index")
  }

  @Sendable
  func getLogin(req: Request) async throws -> View {
    try await req.view.render("login")
  }

  @Sendable
  func postLogin(req: Request) async throws -> View {
    let content = try req.content.decode(UserForm.self)
    guard let user = try await User.query(on: req.db)
      .filter(\.$username == content.username)
      .first()
    else {
      throw Abort(.badRequest, reason: "User not found.")
    }

    guard try user.verify(password: content.password) else {
      throw Abort(.unauthorized, reason: "Invalid password.")
    }
    req.auth.login(user)

    req.logger.debug("User logged in: \(user.toDTO())")
    return try await req.view.render("home")
  }

  @Sendable
  func logout(req: Request) async throws -> View {
    req.auth.logout(User.self)
    return try await req.view.render("login")
  }

  // TODO: Add route parameters for active route / tab.

  @Sendable
  func home(req: Request) async throws -> View {
    try await req.view.render("home")
  }

  @Sendable
  func users(req: Request) async throws -> View {
    let users = try await api.usersIndex(req: req)
    return try await req.view.render("users", ["users": users])
  }

}

private struct UserForm: Content {
  let username: String
  let password: String
}