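import { AuthenticationError, ForbiddenError } from 'apollo-server-micro';
import { ApiContext } from '../server';

interface AuthenticateQueryOptions {
  /**
   * A user must be available on the context state
   * @default true
   */
  requireUser?: boolean;
  /**
   * User abilities must be available on the context state
   * @default true
   */
  requireAbilities?: boolean;
}

/**
 * General query authorization to make sure necessary user data is supplied
 * within the request context.
 *
 * This is a presence check only: it verifies that `ctx.state.user` and
 * `ctx.state.ability` are set, not that the ability permits any particular
 * action. Resolvers still need to check the returned `ability` against the
 * specific operation and resource.
 *
 * Both checks are enforced unless explicitly disabled with `false`. An option
 * that is omitted or `undefined` keeps its documented default of `true`, so a
 * partial options object such as `{ requireUser: false }` does not also switch
 * off the abilities check.
 *
 * @param ctx - Request context; `ctx.state.user` and `ctx.state.ability` are
 *   read. NOTE(review): presumably populated by upstream auth middleware —
 *   confirm that nothing client-controlled can set them.
 * @param options - Which checks to enforce; each defaults to `true`.
 * @returns The `user` and `ability` taken from the context state.
 * @throws AuthenticationError when a user is required but missing.
 * @throws ForbiddenError when abilities are required but missing.
 */
export function authenticateQuery(
  ctx: ApiContext,
  options: AuthenticateQueryOptions = {}
) {
  // Resolve defaults per field. The previous whole-object default applied only
  // when `options` was omitted entirely, so any partial object left the other
  // flag `undefined` (falsy) and silently skipped that check (fail-open).
  const { requireUser = true, requireAbilities = true } = options;

  // Must be logged in
  if (requireUser && !ctx.state.user) {
    throw new AuthenticationError('Unauthenticated. Please log in.');
  }

  // Must have abilities defined
  if (requireAbilities && !ctx.state.ability) {
    throw new ForbiddenError('Not permitted to make request.');
  }

  return {
    user: ctx.state.user,
    ability: ctx.state.ability,
  };
}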