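/** HTTP methods a rule can name; "*" is the wildcard entry used by the rules below. */
export type Method = "POST" | "GET" | "PUT" | "DELETE" | "PATCH" | "*";

/**
 * One authorization rule: whether requests using `methods` on `endpoint` are
 * allowed or denied, and which kind of token the request is expected to carry.
 */
export interface RouteAuthRule {
  action: "allow" | "deny";
  methods: Method[];
  endpoint: string;
  // Defaults to "Bearer" when omitted. The default is applied by whatever code
  // consumes these rules, not in this file.
  tokenKind?: "None" | "Bearer" | "Basic";
}

/**
 * Authorization rules keyed by role name.
 *
 * NOTE(review): the code that evaluates these rules is not in this file. Rule
 * precedence (first match, last match, or deny-overrides) and how "*" is
 * matched against methods and endpoints must be confirmed there. This matters
 * for `player`, where a wildcard allow precedes a specific deny.
 */
export const routeAuth: { [k: string]: RouteAuthRule[] } = {
  // `default` is an unknown user. They may create a new user for themselves
  // without any token, and they may call the token endpoint to log in with a
  // Basic token. Nothing else is listed, so any other request from this role
  // relies on the evaluator denying requests that match no rule (presumably
  // deny-by-default; verify).
  default: [
    { action: "allow", methods: ["POST"], endpoint: "/api/users", tokenKind: "None" },
    { action: "allow", methods: ["POST"], endpoint: "/api/token", tokenKind: "Basic" }
  ],

  // `player` is anyone else. They may hit any endpoint with any method using a
  // Bearer token, except POST /api/token, which is explicitly denied. The deny
  // rule omits tokenKind, so it takes the "Bearer" default.
  // NOTE(review): the deny is listed after the wildcard allow; it only takes
  // effect if the evaluator lets a deny override an earlier allow. Confirm
  // before relying on it.
  player: [
    { action: "allow", methods: ["*"], endpoint: "*" },
    { action: "deny", methods: ["POST"], endpoint: "/api/token" }
  ]
};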