import orgAccess from './index.mjs'

export function accessChecks(opts = { }) {
  const access = opts.access || orgAccess

  return (ctx, next) => {
    ctx.state.is = access.is.bind(access, ctx)
    ctx.state.atLeast = access.atLeast.bind(access, ctx)
    ctx.state.ensure = access.ensure.bind(access, ctx)

    return next()
  }
}

export function restrict(level = orgAccess.Normal) {
  return async (ctx, next) => {
    if (!ctx.headers.authorization && !ctx.query.token) {
      return ctx.throw(403, 'Authentication token was not found (did you forget to login?)')
    }

    if (!ctx.state.user || !ctx.state.user.email || !ctx.state.user.level) {
      return ctx.throw(403, 'You must be authenticated to access this resource')
    }

    if (!ctx.state.atLeast(level)) {
      return ctx.throw(403, 'You do not have enough access to access this resource')
    }

    if (next) {
      return next()
    }
  }
}