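import jwt from 'jsonwebtoken'
import { csrfProtection } from '../app'
import { verifyTokenInDB } from '../utils'

/** Which of the two token kinds a middleware is checking; forwarded to the DB lookup. */
type TokenType = 'accessToken' | 'refreshToken'

/**
 * Shared JWT middleware body: verifies the token carried in the Authorization
 * header against `key`, confirms that token is still registered in the DB for
 * the user/client named in its payload, and attaches the user to `req.user`.
 *
 * @param req - Express-style request. On success `req.user` is set, and
 *   `req.accessToken` as well when `tokenType` is `'accessToken'`.
 * @param res - Express-style response. 401 is sent on every authentication
 *   failure; 500 when the secret is missing or the DB lookup throws.
 * @param next - Continues the middleware chain once `req.user` is populated.
 * @param key - Secret the token must have been signed with (string → HMAC family).
 * @param tokenType - Token kind being checked. It is passed to the DB lookup so a
 *   refresh token cannot be presented where an access token is expected, and vice versa.
 */
const authenticateToken = (
  req: any,
  res: any,
  next: any,
  key: string,
  tokenType: TokenType
) => {
  const { MODE } = process.env

  // NOTE(review): every MODE other than 'server' — including an unset MODE —
  // skips authentication entirely and installs a hard-coded admin user. That is
  // fail-open: a server deployment that forgets to set MODE grants admin to
  // every caller. Behaviour is kept here; consider requiring an explicit
  // opt-in (e.g. MODE === 'desktop') for the bypass instead.
  if (MODE?.trim() !== 'server') {
    // A fresh object per request, so a handler that mutates req.user cannot
    // leak state into the next request.
    req.user = {
      userId: '1234',
      clientId: 'desktopModeClientId',
      username: 'desktopModeUsername',
      displayName: 'desktopModeDisplayName',
      isAdmin: true,
      isActive: true
    }
    req.accessToken = 'desktopModeAccessToken'
    return next()
  }

  // An empty/missing secret is a deployment error, not a client error. Report
  // it as such instead of letting jwt.verify turn it into a 401 for everyone.
  if (!key) return res.sendStatus(500)

  // Expected header shape: "<scheme> <token>". The scheme is deliberately not
  // checked (kept permissive for existing clients); whatever follows the first
  // space is treated as the token.
  const authHeader = req.headers['authorization']
  const token = authHeader?.split(' ')[1]
  if (!token) return res.sendStatus(401)

  // NOTE(review): no `algorithms` option is passed. Pin it to the algorithm
  // the signer actually uses (e.g. `{ algorithms: ['HS256'] }`) so tokens
  // signed with any other variant are rejected before the DB is consulted.
  jwt.verify(token, key, async (err: any, data: any) => {
    if (err) return res.sendStatus(401)

    // A valid signature is not sufficient: the token must still be registered
    // in the DB for this user/client and kind, which is what makes revocation
    // possible.
    let user
    try {
      user = await verifyTokenInDB(data?.userId, data?.clientId, token, tokenType)
    } catch {
      // Without this guard a DB failure rejects the async callback unhandled
      // and the request is never answered. Fail closed with a server error.
      return res.sendStatus(500)
    }

    // Unknown token, or a user that has been deactivated since it was issued.
    if (!user || !user.isActive) return res.sendStatus(401)

    req.user = user
    if (tokenType === 'accessToken') req.accessToken = token
    return next()
  })
}

/**
 * Access-token middleware.
 *
 * A browser session that is already logged in is accepted as-is and routed
 * through CSRF protection: cookie-authenticated requests are the ones a
 * cross-site page can forge. Otherwise the request must carry an access token
 * in the Authorization header; bearer tokens are not attached automatically by
 * browsers, so that path needs no CSRF check.
 *
 * @param req - Express-style request; `req.user` is populated on success.
 * @param res - Express-style response; 401 on failure, 500 on misconfiguration.
 * @param next - Next middleware in the chain.
 */
export const authenticateAccessToken = (req: any, res: any, next: any) => {
  if (req.session?.loggedIn) {
    req.user = req.session.user
    return csrfProtection(req, res, next)
  }
  // An unset secret becomes '' and is rejected inside authenticateToken.
  authenticateToken(
    req,
    res,
    next,
    process.env.ACCESS_TOKEN_SECRET ?? '',
    'accessToken'
  )
}

/**
 * Refresh-token middleware: same flow as the access-token path, but verified
 * against the refresh secret and matched against the refresh-token entry in
 * the DB. Never honours a web session, since refresh is a token-only operation.
 *
 * @param req - Express-style request; `req.user` is populated on success.
 * @param res - Express-style response; 401 on failure, 500 on misconfiguration.
 * @param next - Next middleware in the chain.
 */
export const authenticateRefreshToken = (req: any, res: any, next: any) => {
  authenticateToken(
    req,
    res,
    next,
    process.env.REFRESH_TOKEN_SECRET ?? '',
    'refreshToken'
  )
}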