<?php

namespace Modules\Api\Http\Middleware;

use Carbon\Carbon;
use Closure;
use Illuminate\Http\Request;
use Modules\Api\Entities\ApiToken;

class ApiAuthorization
{
    /**
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @param string $permission
     * @param string $to
     * @return \Illuminate\Http\Response
     */
    public function handle(Request $request, Closure $next)
    {
        if ($this->hasAccess($request)) {
            return $next($request);
        }
        return $this->handleUnauthorizedRequest($request);
    }

    /**
     * @param \Illuminate\Http\Request $request
     * @param string $permission
     * @return \Illuminate\Http\Response
     */
    private function handleUnauthorizedRequest(Request $request)
    {
        return response()->json([
            'status' => 'Unauthorized.'
        ], 401);
    }

    private function hasAccess(Request $request)
    {
        $token = $request->header('authorization');

        $hasToken = ApiToken::query()
            ->where('token', $token)
            ->exists();

        if (!empty($token) && $hasToken) {
            return true;
        }
        return false;
    }


}