<?php
namespace Incoviba\API\Common\Middleware;

use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface as Handler;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ResponseFactoryInterface as Factory;
use Incoviba\API\Common\Service\Auth as Service;

class Auth {
  protected $service;
  protected $factory;
  protected $exceptions;
  public function __construct(Service $service, Factory $factory, array $exception_routes) {
    $this->service = $service;
    $this->factory = $factory;
    $this->exceptions = $exception_routes;
  }
  public function __invoke(Request $request, Handler $handler): Response {
    $path = $request->getUri()->getPath();
    if (in_array($path, $this->exceptions) or $this->service->isValid($request)) {
      return $handler->handle($request);
    }
    $response = $this->factory->createResponse();
    $response->getBody()->write(json_encode(['message' => 'Not authorized.']));
    return $response
      ->withStatus(401) // unauthorized
      ->withHeader('content-type', 'application/json');
  }
}