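const ROLES_ADMIN_OR_LEADER = Object.freeze(['admin', 'leader']);

/**
 * Return the authenticated user for a request, optionally enforcing a role
 * requirement.
 *
 * `createError` is not defined in this snippet and is expected to be in scope
 * where the file is used.
 *
 * @param {object} event - Request event; the user is read from `event.context.user`.
 * @param {object} [opts] - Options; `null` is treated like an empty object.
 * @param {'admin'|'adminOrLeader'} [opts.role] - Role requirement. A falsy
 *   value means "any authenticated user".
 * @returns {object} The user object found on the event context.
 * @throws 401 when there is no user on the event context.
 * @throws 403 when the user's role does not satisfy `opts.role`.
 * @throws 500 when `opts.role` is a value this guard does not recognise.
 */
export function requireAuth(event, opts = {}) {
  const user = event.context.user;
  if (!user) {
    throw createError({ statusCode: 401, message: 'Unauthorized' });
  }

  // The default parameter only covers `undefined`; tolerate an explicit null too.
  const { role } = opts ?? {};

  // No requirement given: being authenticated is enough.
  if (!role) {
    return user;
  }

  let isPermitted;
  switch (role) {
    case 'admin':
      isPermitted = user.role === 'admin';
      break;
    case 'adminOrLeader':
      isPermitted = ROLES_ADMIN_OR_LEADER.includes(user.role);
      break;
    default:
      // Fail closed. Previously a misspelled or unsupported requirement
      // (e.g. 'Admin' or 'leader') matched neither check and the route was
      // left open to every authenticated user.
      throw createError({ statusCode: 500, message: 'Unknown role requirement' });
  }

  if (!isPermitted) {
    throw createError({ statusCode: 403, message: 'Forbidden' });
  }
  return user;
}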