<?php

declare(strict_types=1);

namespace Domovoy\Middleware;

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Slim\Routing\RouteContext;

class AuthMiddleware
{
    public function __invoke(
        ServerRequestInterface $request,
        \Psr\Http\Server\RequestHandlerInterface $handler
    ): ResponseInterface {
        $path = $request->getUri()->getPath();

        $publicPaths = ['/login', '/setup'];
        $isPublic = in_array($path, $publicPaths, true);

        if (!isset($_SESSION['user_id']) && !$isPublic) {
            $response = new \Slim\Psr7\Response();
            return $response
                ->withHeader('Location', '/login')
                ->withStatus(302);
        }

        // If logged in and trying to access login/setup, redirect to dashboard
        if (isset($_SESSION['user_id']) && $isPublic) {
            $response = new \Slim\Psr7\Response();
            return $response
                ->withHeader('Location', '/dashboard')
                ->withStatus(302);
        }

        return $handler->handle($request);
    }
}