import type { NextApiRequest } from "next";

import { HttpError } from "@calcom/lib/http-error";

import { schemaQueryIdParseInt } from "~/lib/validations/shared/queryIdTransformParseInt";

async function authMiddleware(req: NextApiRequest) {
  const { userId, prisma, isAdmin, query } = req;
  const { id } = schemaQueryIdParseInt.parse(query);
  const userWithBookings = await prisma.user.findUnique({
    where: { id: userId },
    include: { bookings: true },
  });

  if (!userWithBookings) throw new HttpError({ statusCode: 404, message: "User not found" });

  const userBookingIds = userWithBookings.bookings.map((booking) => booking.id);

  if (!isAdmin && !userBookingIds.includes(id)) {
    throw new HttpError({ statusCode: 401, message: "You are not authorized" });
  }
}

export default authMiddleware;