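const router = require('express').Router()
const { randomBytes } = require('crypto')
const jwt = require('jsonwebtoken')
const User = require('../model/User')

/**
 * Token lifetime in seconds, read once from TOKEN_EXPIRE_IN.
 *
 * Parsed with an explicit radix. Without validation a missing or
 * non-numeric value becomes NaN, which makes jwt.sign() throw on every
 * login and gives the cookie a NaN maxAge, so the module refuses to load
 * instead of starting in a state where nobody can authenticate.
 */
const tokenExpireIn = Number.parseInt(process.env.TOKEN_EXPIRE_IN, 10)
if (!Number.isInteger(tokenExpireIn) || tokenExpireIn <= 0) {
  throw new Error('TOKEN_EXPIRE_IN must be a positive integer number of seconds')
}

/**
 * Options for the `token` cookie that carries the JWT.
 *
 * `secure` is tied to NODE_ENV rather than hard-coded to false so the
 * cookie is HTTPS-only in production while local HTTP development keeps
 * working. `sameSite: 'lax'` keeps the cookie off cross-site POSTs.
 */
const cookieParams = {
  maxAge: 1000 * tokenExpireIn, // express expects milliseconds
  secure: process.env.NODE_ENV === 'production',
  httpOnly: true,
  sameSite: 'lax',
}

/**
 * Sign a short-lived access token for `user`.
 *
 * @param {{ email: string, verify?: unknown, role?: unknown }} user - user document
 * @returns {string} HS256-signed JWT carrying email, verified flag and role
 * @throws if JWT_SECRET is unset or jwt.sign rejects its inputs
 */
const generateJwtToken = (user) =>
  jwt.sign(
    {
      email: user.email,
      verified: !!user.verify,
      role: user.role,
    },
    process.env.JWT_SECRET,
    {
      expiresIn: tokenExpireIn,
      issuer: 'pruss.it',
      algorithm: 'HS256',
    },
  )

// Alive
router.get('/', function (_, res) {
  res.send('Service is up.')
})

// Register
//
// Creates a user from the submitted email/password and returns the first
// refresh token in the body. Only those two fields are copied from
// req.body so extra keys (e.g. `role`) cannot be mass-assigned.
router.post('/register', async (req, res) => {
  const refresh = randomBytes(32).toString('hex')
  const user = new User({
    email: req.body.email,
    password: req.body.password,
    refresh,
  })
  try {
    await user.save()
    res.status(201).send(refresh)
  } catch (err) {
    if (err.name === 'ValidationError' || err._message) {
      // schema validation failure; `_message` kept for older error shapes
      res.status(422).send(err._message ?? err.message)
    } else if (err.code === 11000) {
      // duplicate-key error on the unique email index.
      // NOTE(review): this reply confirms which emails are registered; a
      // generic message would avoid account enumeration if that matters here.
      res.status(409).send('User with this email already exist')
    } else {
      res.status(400).send('Could not save the user')
    }
  }
})

// Login
//
// Every failure (bad credentials, missing token, DB error) collapses into
// one 401 so the response does not reveal which step failed.
router.post('/login', async (req, res) => {
  try {
    const user = await User.findByCredentials(req.body.email, req.body.password)
    if (!user) {
      throw new Error('invalid credentials')
    }
    const refreshToken = await User.newRefreshToken(user)
    if (!refreshToken) {
      throw new Error('could not issue refresh token')
    }
    const jwtToken = generateJwtToken(user)
    // 200, not 204: express strips the body of a 204 response, which
    // would silently drop the refresh token the client needs.
    res
      .cookie('token', jwtToken, cookieParams)
      .status(200)
      .send(refreshToken)
  } catch (err) {
    res.status(401).send('Could not login')
  }
})

// Logout
//
// Only clears the cookie; the refresh token stored on the user is not
// invalidated here, so it remains usable at /refresh until rotated.
// TODO: add session check / refresh-token revocation.
router.post('/logout', async (_, res) => {
  try {
    res
      .clearCookie('token')
      .status(204)
      .send()
  } catch (err) {
    res.status(401).send('Could not logout')
  }
})

// Refresh token
//
// Exchanges a valid refresh token for a new JWT cookie and a rotated
// refresh token; any failure is reported as 401.
router.post('/refresh', async (req, res) => {
  try {
    const user = await User.checkRefreshToken(req.body.email, req.body.refresh)
    if (!user) {
      throw new Error('invalid refresh token')
    }
    const newRefreshToken = await User.newRefreshToken(user)
    if (!newRefreshToken) {
      throw new Error('could not rotate refresh token')
    }
    const jwtToken = generateJwtToken(user)
    res
      .cookie('token', jwtToken, cookieParams)
      .status(201)
      .send(newRefreshToken)
  } catch (err) {
    res.status(401).send('User logged out')
  }
})

module.exports = router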