vapor-po/Sources/App/routes.swift

import Fluent
import Vapor

func routes(_ app: Application) throws {
  let redirectMiddleware = User.redirectMiddleware(path: "login")
  // let protected = app.grouped(redirectMiddleware)
  let credentialsProtected = app.grouped(User.credentialsAuthenticator(), redirectMiddleware)

  app.get { req async throws in
    try await req.view.render("index", ["title": "HHE - Purchase Orders"])
  }

  app.get("login") { req async throws -> View in
    req.logger.info("login")
    return try await req.view.render("login")
  }

  app.post("logout") { req async throws -> View in
    req.auth.logout(User.self)
    return try await req.view.render("login")
  }

  app.post("login") { req async throws -> View in
    let content = try req.content.decode(UserForm.self)
    guard let user = try await User.query(on: req.db)
      .filter(\.$username == content.username)
      .first()
    else {
      throw Abort(.badRequest, reason: "User not found.")
    }

    guard try user.verify(password: content.password) else {
      throw Abort(.unauthorized, reason: "Invalid password.")
    }
    req.auth.login(user)

    req.logger.debug("User: \(user.toDTO())")
    return try await req.view.render("logged-in")
  }

  credentialsProtected.get("home") { req async throws in
    req.logger.info("home")
    return try await req.view.render("logged-in")
  }

  // TODO: Remove.
  credentialsProtected.get("logged-in") { _ in
    "Hello, logged-in!"
  }

  // app.get("index") { req async throws -> View in
  //
  // }

  app.get("hello") { _ async -> String in
    "Hello, world!"
  }

  try app.register(collection: ApiController())
}

struct UserForm: Content {
  let username: String
  let password: String
}