import { MiddlewareHandler } from 'hono';
import { AppError } from './error-handler';

type UserRole = 'admin' | 'manager' | 'developer' | 'viewer';

export function requireRole(...roles: UserRole[]): MiddlewareHandler {
  return async (c, next) => {
    const user = c.get('user');
    if (!user) {
      throw new AppError(40101, 'Authentication required', 401);
    }
    if (!roles.includes(user.role as UserRole)) {
      throw new AppError(40103, 'Insufficient permissions', 403);
    }
    await next();
  };
}