use v6.d.PREVIEW;
use Cro::HTTP::Middleware;
use Ultramarine::Middleware::Authentication;

class Ultramarine::Middleware::Authorisation
 does Cro::HTTP::Middleware::Conditional {
    method process(Supply:D $request-stream) {
        supply whenever $request-stream -> $request {
            if ($request ~~ Ultramarine::Request::Authed) {
                # here we could also add some access control
                emit $request;
            }
            else {
                my $response = Cro::HTTP::Response.new(
                    :$request,
                    :status<200>,
                );
                $response.set-body({
                   status => 'failed',
                   error => [
                             :code<40>,
                             :message('Wrong username or password'),
                         ],
                });
                emit $response;
            }
        }
    }
}