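import { NextFunction, Request, Response } from 'express';
import { AccessDenied } from './model/error';
import wrap from './utils/wrap';

/**
 * Extracts a bearer access token from the request and resolves it via
 * `req.oauth2.model.accessToken`.
 *
 * Lookup order (first match wins): `Authorization: Bearer <token>` header,
 * then `access_token` query parameter, then `access_token` body field.
 *
 * On success the resolved token object is stored in `res.locals.accessToken`
 * and `next()` is called. Every failure path throws `AccessDenied`; the
 * surrounding `wrap` helper is expected to route that to the error handler
 * (its behaviour is not visible here).
 *
 * The token value itself is never written to the log: a bearer token is a
 * credential, and log sinks are rarely protected as strictly as the
 * token store. Only the *source* of the token is logged.
 *
 * @throws AccessDenied when no token is present, the header is malformed,
 *   the token is not a plain string, the token is unknown, or it has expired.
 */
export const middleware = wrap(async function (req: Request, res: Response, next: NextFunction) {
  console.debug('Parsing bearer token');

  let token: unknown = null;

  if (req.headers.authorization) {
    // Split without a limit so that extra whitespace-separated pieces
    // ("Bearer a b") are rejected instead of being silently truncated.
    const pieces = req.headers.authorization.split(' ');

    if (pieces.length !== 2) {
      throw new AccessDenied('Wrong authorization header');
    }

    // Only bearer auth is supported; the scheme name is case-insensitive.
    if (pieces[0].toLowerCase() !== 'bearer') {
      throw new AccessDenied('Unsupported authorization method in header');
    }

    token = pieces[1];
    console.debug('Bearer token parsed from authorization header');
  } else if (req.query?.access_token) {
    token = req.query.access_token;
    console.debug('Bearer token parsed from query params');
  } else if (req.body?.access_token) {
    token = req.body.access_token;
    console.debug('Bearer token parsed from body params');
  } else {
    throw new AccessDenied('Bearer token not found');
  }

  // Query and body parsers may yield arrays or objects for a repeated or
  // bracketed parameter (e.g. `access_token[]=...`); only a non-empty
  // string is a well-formed token, so reject anything else before it
  // reaches the model.
  if (typeof token !== 'string' || token.length === 0) {
    throw new AccessDenied('Wrong bearer token');
  }

  // Resolve the token; `fetchByToken` / `checkTTL` semantics are defined by
  // the model, not here.
  const object = await req.oauth2.model.accessToken.fetchByToken(token);

  if (!object) {
    throw new AccessDenied('Token not found or has expired');
  }

  if (!req.oauth2.model.accessToken.checkTTL(object)) {
    throw new AccessDenied('Token is expired');
  }

  res.locals.accessToken = object;
  // Log that a token was resolved, not its contents (the object carries the
  // credential and possibly user data).
  console.debug('AccessToken fetched');
  next();
});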