import { Injectable, CanActivate, ExecutionContext, ForbiddenException } from '@nestjs/common'
import { SessionsService } from 'src/modules/sessions/sessions.service'
import { PARAMS } from '../constants/param.constants'
import { SessionId } from '../types/session-id.type'

@Injectable()
export class SessionOwnerGuard implements CanActivate {
    constructor(private readonly sessionsService: SessionsService) { }

    async canActivate(context: ExecutionContext) {
        const request = context.switchToHttp().getRequest()
        const user = request.user
        const sessionId: SessionId = request.params[PARAMS.SESSION_ID]

        const isOwner = await this.sessionsService.isOwner(sessionId, user.id)
        if (!isOwner) {
            throw new ForbiddenException('You are not allowed to delete this session')
        }

        return true
    }
}