"use strict";

// modules
const express = require('express');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs');
const Q = require('q');
const _ = require('lodash');
const logger = require('debug')('cc:authenticate');

// HTTP status codes by name
const codes = require('./http-codes');

const config = require('../config/config');

const routerHandling = require('../middleware/router-handling');

const AppUserModel = require('../models/app-user');

const authenticate = express.Router();

// routes **********************
authenticate.route('/')
            .post((req, res, next) => {
              authCheck(req.body.username, req.body.password, res)
                .then((user) => {
                  if (user) {
                    // authentication successful
                    res.send(user);
                  } else {
                    // authentication failed
                    res.status(codes.unauthorized).send('Username or password is incorrect');
                  }
                })
                .catch((err) => {
                  res.status(codes.wrongrequest).send(err);
                });
            })

            .all(
              routerHandling.httpMethodNotAllowed
            );

let authCheck = (username, password, res) => {
  const deferred = Q.defer();

  AppUserModel.findOne({username: username.toLowerCase()}).populate('squad').exec((err, user) => {
    if (err) deferred.reject(err.name + ': ' + err.message);

    const diff = 28 * 60 * 24; // time till expiration [minutes]

    if (user && !user.activated) {
      res.status(codes.unauthorized).send('Account is not yet activated');
    }
    if (user && user.activated && bcrypt.compareSync(password, user.password)) {
      // authentication successful
      const secret = process.env.NODE_ENV === config.prod.env ? process.env.JWS_SECRET : 'dev-secret';

      deferred.resolve({
        _id: user._id,
        username: user.username,
        permission: user.permission,
        squad: user.squad,
        token: jwt.sign({sub: user._id}, secret, {expiresIn: diff * 60}),
        tokenExpireDate: new Date(Date.now().valueOf() + diff * 60000 - 1000)
      });
    } else {
      // authentication failed
      deferred.resolve();
    }
  });

  return deferred.promise;
};

// ******************************** SIGNUP ************************

authenticate.route('/signup')
            .post((req, res, next) => {
              create(req.body)
                .then(() => {
                  res.sendStatus(200);
                })
                .catch((err) => {
                  res.status(400).send(err);
                });
            })

            .all(
              routerHandling.httpMethodNotAllowed
            );

let create = (userParam) => {
  const deferred = Q.defer();

  // validation
  AppUserModel.findOne(
    {username: userParam.username.toLowerCase()},
    (err, user) => {
      if (err) deferred.reject(err.name + ': ' + err.message);

      if (user) {
        // username already exists
        deferred.reject(new Error("Username already exists"));
      } else {
        createUser();
      }
    });

  let createUser = () => {
    // set user object to userParam without the cleartext password
    const user = _.omit(userParam, 'password');

    // add hashed password to user object
    user.password = bcrypt.hashSync(userParam.password, 10);
    user.username = user.username.toLowerCase();

    const newUser = new AppUserModel(user);
    newUser.save((err, doc) => {
      if (err) deferred.reject(err.name + ': ' + err.message);

      deferred.resolve();
    });
  };

  return deferred.promise;
};


authenticate.use(routerHandling.emptyResponse);


module.exports = authenticate;