import { Response, NextFunction } from 'express';
import { AuthRequest, UserRole } from '../shared/types';
import { respond } from '../shared/utils/apiResponse';

/**
 * Builds an Express middleware that lets a request through only when
 * `req.user.role` is one of `allowedRoles`.
 *
 * The check is fail-closed: a request without `req.user` is rejected through
 * `respond.unauthorized`, and a role outside the list is rejected through
 * `respond.forbidden`. Calling `authorize()` with no roles therefore rejects
 * every authenticated request as well.
 *
 * This middleware only reads `req.user`; it never sets it. Presumably an
 * authentication middleware mounted earlier in the chain populates it; confirm
 * at each route that uses this guard.
 *
 * @param allowedRoles - Roles permitted to reach the next handler.
 * @returns A middleware that calls `next()` only for a permitted role.
 */
export function authorize(...allowedRoles: UserRole[]) {
  const roleGate = (req: AuthRequest, res: Response, next: NextFunction): void => {
    const principal = req.user;

    // No identity attached to the request: stop before any role comparison.
    if (!principal) {
      respond.unauthorized(res);
      return;
    }

    // Exact membership test against the configured allow-list.
    const permitted = allowedRoles.includes(principal.role);
    if (permitted) {
      next();
      return;
    }

    // NOTE(review): the rejection message lists every accepted role name to the
    // caller. Confirm that exposing the role model to unprivileged clients is
    // intended.
    respond.forbidden(res, `Se requiere uno de los roles: ${allowedRoles.join(', ')}`);
  };

  return roleGate;
}
