<?php

namespace App\Http\Middleware;

use App\Services\TotpService;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class Require2FA
{
    public function __construct(private TotpService $totp) {}

    public function handle(Request $request, Closure $next): Response
    {
        $user = $request->user();

        if (!$user) return $next($request);

        if (!$this->totp->isEnabled($user)) return $next($request);

        if ($request->session()->get('2fa_verified')) return $next($request);

        if ($request->routeIs('auth.2fa*')) return $next($request);

        return redirect()->route('auth.2fa');
    }
}