import express from 'express'

import { User } from '../api'
import { OAuth2Provider } from '../api/oauth2'
import RateLimit from 'express-rate-limit'
import wrap from '../../scripts/asyncRoute'
import config from '../../scripts/load-config.js'

const router = express.Router()
const oauth = new OAuth2Provider()

router.use(oauth.express())

const oauthLimiter = new RateLimit({
  windowMs: 5 * 60 * 1000, // 5 minutes
  max: 10,
  delayMs: 0
})

router.use(oauthLimiter)

function ensureLoggedIn (req, res, next) {
  if (req.session.user) return next()
  req.session.redirectUri = req.originalUrl
  res.redirect('/login')
}

// Generic OAuth2 endpoints
router.use('/authorize', ensureLoggedIn, oauth.controller.authorization)
router.post('/token', oauth.controller.token)
router.post('/introspect', oauth.controller.introspection)

// Protected user information resource
router.get('/user', oauth.bearer, wrap(async (req, res) => {
  const accessToken = req.oauth2.accessToken
  const user = await User.get(accessToken.user_id)

  if (!user) {
    return res.status(404).jsonp({
      error: 'No such user'
    })
  }

  const udata = {
    id: user.id,
    uuid: user.uuid,
    username: user.username,
    display_name: user.display_name
  }

  // Include Email
  if (accessToken.scope.indexOf('email') !== -1) {
    udata.email = user.email
  }

  // Include Avatar
  if (accessToken.scope.indexOf('image') !== -1 && user.avatar_file) {
    udata.image = `${config.server.domain}/api/avatar/${user.uuid}`
    udata.image_file = user.avatar_file
  }

  // Include privilege number
  if (accessToken.scope.indexOf('privilege') !== -1) {
    udata.privilege = user.nw_privilege
  }

  res.jsonp(udata)
}))

router.use((err, req, res, next) => {
  if (err && err instanceof oauth.error) {
    return oauth.response.error(req, res, err, req.body.redirectUri)
  }

  next()
})

export default router