"use strict";
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.OtpGateGuard = void 0;
const common_1 = require("@nestjs/common");
const otp_service_1 = require("./otp.service");
let OtpGateGuard = class OtpGateGuard {
    otpService;
    constructor(otpService) {
        this.otpService = otpService;
    }
    async canActivate(context) {
        const request = context.switchToHttp().getRequest();
        const userId = request.user?.userId;
        if (!userId) {
            return true;
        }
        const status = await this.otpService.getStatus(userId);
        if (!status.emailEnabled && !status.totpEnabled) {
            return true;
        }
        const otpCode = request.headers['x-otp-code'] || request.body?.otpCode;
        const otpMethod = (request.headers['x-otp-method'] ||
            request.body?.otpMethod ||
            'totp');
        if (!otpCode) {
            throw new common_1.UnauthorizedException({
                message: 'OTP verification required',
                requiresOtp: true,
                availableMethods: {
                    email: status.emailEnabled,
                    totp: status.totpEnabled,
                },
            });
        }
        const isValid = await this.otpService.verifyOtpGate(userId, otpCode, otpMethod);
        if (!isValid) {
            throw new common_1.UnauthorizedException('Invalid OTP code');
        }
        return true;
    }
};
exports.OtpGateGuard = OtpGateGuard;
exports.OtpGateGuard = OtpGateGuard = __decorate([
    (0, common_1.Injectable)(),
    __metadata("design:paramtypes", [otp_service_1.OtpService])
], OtpGateGuard);
//# sourceMappingURL=otp-gate.guard.js.map