<?php

namespace App\Http\Middleware;

use App\Services\Auth\TwoFactorService;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class EnsureTwoFactorVerified
{
    public function __construct(private readonly TwoFactorService $twoFactor) {}

    public function handle(Request $request, Closure $next): Response
    {
        $user = $request->user();
        if (! $user) {
            return $next($request);
        }

        if ($this->twoFactor->mustSetup($user) && ! $request->routeIs('two-factor.*')) {
            return redirect()->route('two-factor.setup');
        }

        if ($this->twoFactor->isEnabled($user) && ! $request->session()->get('two_factor_passed')) {
            if (! $request->routeIs('two-factor.challenge', 'two-factor.challenge.store', 'logout')) {
                return redirect()->route('two-factor.challenge');
            }
        }

        return $next($request);
    }
}