feat(SW-1710): add access checks to my stay page for viewing booking

apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts

@@ -0,0 +1,64 @@
+import type { SafeUser } from "@/types/user"
+import type { Guest } from "@/server/routers/booking/output"
+
+export {
+  ACCESS_GRANTED,
+  accessBooking as default,
+  ERROR_BAD_REQUEST,
+  ERROR_NOT_FOUND,
+  ERROR_UNAUTHORIZED,
+}
+
+/**
+ * Whether a request can access a confirmed booking or not.
+ */
+function accessBooking(
+  guest: Guest,
+  lastName: string,
+  user: SafeUser | null,
+  cookie: string = ""
+) {
+  if (guest.membershipNumber) {
+    if (user) {
+      if (lastName === guest.lastName) {
+        return ACCESS_GRANTED
+      }
+    } else {
+      return ERROR_UNAUTHORIZED
+    }
+  }
+
+  if (guest.lastName === lastName) {
+    const params = new URLSearchParams(cookie)
+    if (
+      params.get("firstName") === guest.firstName &&
+      params.get("email") === guest.email
+    ) {
+      return ACCESS_GRANTED
+    } else {
+      return ERROR_BAD_REQUEST
+    }
+  }
+
+  return ERROR_NOT_FOUND
+}
+
+const ERROR_BAD_REQUEST = {
+  code: "BAD_REQUEST",
+  status: 400,
+} as const
+
+const ERROR_UNAUTHORIZED = {
+  code: "UNAUTHORIZED",
+  status: 401,
+} as const
+
+const ERROR_NOT_FOUND = {
+  code: "NOT_FOUND",
+  status: 404,
+} as const
+
+const ACCESS_GRANTED = {
+  code: "ACCESS_GRANTED",
+  status: 200,
+} as const