/// Authorization guard: yields the team that `$current_user` belongs to, or makes the
/// enclosing function return a 403 response.
///
/// A single query filters `TeamMembership::all()` on both the user id and `$team_id`.
/// A matching row is destructured as `(team, _)` and the macro evaluates to `team`.
/// When no row matches, the macro executes
/// `return Ok((StatusCode::FORBIDDEN, "not a member of requested team").into_response())`.
/// A missing team and a non-member therefore take the same `None` arm and produce the
/// same response.
///
/// Call-site requirements, all following from the expansion:
/// * an `async` context, because the expansion uses `.await`;
/// * an enclosing function that returns a `Result`, because the expansion uses `?` and
///   `return Ok(..)`;
/// * the traits providing `.into_response()`, `.filter()`, `.first()` and `.optional()`
///   in scope, because `macro_rules!` hygiene does not import traits (the last three are
///   presumably Diesel's query-DSL traits; confirm against the callers).
///
/// `$team_id` is expanded inside the `move` closure handed to `interact`, so whatever it
/// names is captured by that closure.
///
/// NOTE(review): invoke this before any team-scoped read or write in the handler, and
/// continue with the returned `team` so later code works from the row this check matched.
///
/// # Panics
///
/// Panics if the awaited `interact` call itself returns `Err` (`.unwrap()`). An `Err`
/// from the query inside the closure is instead propagated with `?`.
macro_rules! require_team_membership {
    ($current_user:expr, $team_id:expr, $db_conn:expr) => {{
        // Owned copy of the id so the `move` closure does not borrow `$current_user`.
        let acting_user_id = $current_user.id.clone();
        match $db_conn
            .interact(move |conn| {
                crate::team_memberships::TeamMembership::all()
                    .filter(crate::team_memberships::TeamMembership::with_user_id(acting_user_id))
                    .filter(crate::team_memberships::TeamMembership::with_team_id($team_id))
                    .first(conn)
                    .optional()
            })
            .await
            .unwrap()?
        {
            // No membership row: deny and leave the enclosing function.
            None => {
                let denied = (
                    axum::http::StatusCode::FORBIDDEN,
                    "not a member of requested team".to_string(),
                );
                return Ok(denied.into_response());
            }
            Some((team, _)) => team,
        }
    }};
}
pub(crate) use require_team_membership;

/// CSRF guard: makes the enclosing function return a 403 response unless
/// `crate::csrf::validate_csrf_token` accepts `$csrf_token`.
///
/// The validator is called with `&$db_conn`, `&$csrf_token` and `Some($current_user.id)`
/// and awaited. An `Err` from it is propagated with `?` rather than turned into a 403.
/// When the awaited value is `false`, the macro executes
/// `return Ok((StatusCode::FORBIDDEN, "invalid CSRF token").into_response())`.
/// Otherwise the macro evaluates to `()`.
///
/// Call-site requirements: an `async` context, an enclosing function that returns a
/// `Result`, and the trait providing `.into_response()` in scope.
///
/// NOTE(review): `$current_user.id` is passed by value here, whereas
/// `require_team_membership!` clones it; presumably the id type is `Copy`; confirm.
/// NOTE(review): passing the user id presumably ties the token to that user; confirm in
/// `crate::csrf`. Invoke this before any state-changing work in the handler.
macro_rules! require_valid_csrf_token {
    ($csrf_token:expr, $current_user:expr, $db_conn:expr) => {{
        let token_ok = crate::csrf::validate_csrf_token(
            &$db_conn,
            &$csrf_token,
            Some($current_user.id),
        )
        .await?;
        if !token_ok {
            let rejected = (
                axum::http::StatusCode::FORBIDDEN,
                "invalid CSRF token".to_string(),
            );
            return Ok(rejected.into_response());
        }
    }};
}
pub(crate) use require_valid_csrf_token;