web/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts

import type { SafeUser } from "@/types/user"
import type { Guest } from "@/server/routers/booking/output"

export {
  ACCESS_GRANTED,
  accessBooking as default,
  ERROR_BAD_REQUEST,
  ERROR_FORBIDDEN,
  ERROR_NOT_FOUND,
  ERROR_UNAUTHORIZED,
}

/**
 * Whether a request can access a confirmed booking or not.
 */
function accessBooking(
  guest: Guest,
  lastName: string,
  user: SafeUser | null,
  cookie: string = ""
) {
  if (guest.membershipNumber) {
    if (user) {
      if (lastName === guest.lastName) {
        return ACCESS_GRANTED
      }
    } else {
      console.warn(
        "Access to booking not granted due to anonymous user attempting accessing to logged in booking"
      )
      return ERROR_UNAUTHORIZED
    }
  }

  if (guest.lastName === lastName) {
    if (user) {
      console.warn(
        "Access to booking not granted due to logged in user attempting access to anonymous booking"
      )
      return ERROR_FORBIDDEN
    } else {
      const params = new URLSearchParams(cookie)
      if (
        params.get("firstName") === guest.firstName &&
        params.get("email") === guest.email
      ) {
        return ACCESS_GRANTED
      } else {
        console.warn(
          "Access to booking not granted due to incorrect cookie values"
        )
        return ERROR_BAD_REQUEST
      }
    }
  }

  console.warn(
    "Access to booking not granted due to anonymous user attempting access with incorrect lastname"
  )
  return ERROR_NOT_FOUND
}

const ERROR_BAD_REQUEST = {
  code: "BAD_REQUEST",
  status: 400,
} as const

const ERROR_UNAUTHORIZED = {
  code: "UNAUTHORIZED",
  status: 401,
} as const

const ERROR_FORBIDDEN = {
  code: "FORBIDDEN",
  status: 403,
} as const

const ERROR_NOT_FOUND = {
  code: "NOT_FOUND",
  status: 404,
} as const

const ACCESS_GRANTED = {
  code: "ACCESS_GRANTED",
  status: 200,
} as const