web/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts

import type { AdditionalInfoCookieValue } from "@scandic-hotels/booking-flow/types/components/findMyBooking/additionalInfoCookieValue"
import type { Guest } from "@scandic-hotels/trpc/routers/booking/output"

import type { SafeUser } from "@/types/user"

export {
  ACCESS_GRANTED,
  accessBooking as default,
  ERROR_BAD_REQUEST,
  ERROR_FORBIDDEN,
  ERROR_NOT_FOUND,
  ERROR_UNAUTHORIZED,
}

/**
 * Whether a request can access a confirmed booking or not.
 */
function accessBooking(
  guest: Guest,
  lastName: string,
  user: SafeUser | null,
  cookie: string = ""
) {
  if (
    user &&
    user.membershipNumber === guest.membershipNumber &&
    user.firstName.toLowerCase() === guest.firstName?.toLowerCase() &&
    user.email.toLowerCase() === guest.email?.toLowerCase()
  ) {
    return ACCESS_GRANTED
  }

  if (guest.membershipNumber) {
    if (!user) {
      return ERROR_UNAUTHORIZED
    }
    if (guest.membershipNumber !== user.membershipNumber) {
      return ERROR_UNAUTHORIZED
    }
  }

  if (guest.lastName?.toLowerCase() === lastName.toLowerCase()) {
    const values =
      cookie && (JSON.parse(cookie) as Partial<AdditionalInfoCookieValue>)
    if (
      values &&
      values.firstName?.toLowerCase() === guest.firstName?.toLowerCase() &&
      values.email?.toLowerCase() === guest.email?.toLowerCase()
    ) {
      return ACCESS_GRANTED
    } else {
      return ERROR_BAD_REQUEST
    }
  }

  return ERROR_NOT_FOUND
}

const ERROR_BAD_REQUEST = {
  code: "BAD_REQUEST",
  status: 400,
} as const

const ERROR_UNAUTHORIZED = {
  code: "UNAUTHORIZED",
  status: 401,
} as const

const ERROR_FORBIDDEN = {
  code: "FORBIDDEN",
  status: 403,
} as const

const ERROR_NOT_FOUND = {
  code: "NOT_FOUND",
  status: 404,
} as const

const ACCESS_GRANTED = {
  code: "ACCESS_GRANTED",
  status: 200,
} as const