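require('dotenv').config();
const express = require('express');
const path = require('path');
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
const cors = require('cors');
const bcrypt = require('bcrypt');
// NOTE(review): `crypto` is required but never used; see the session-token
// comment in `login` for where an unpredictable token would belong.
const crypto = require('crypto');
const DB = require('./mongoDB.js');

// Definitions
const Post = require('./def/post.js');

const app = express();
const port = process.env.PORT || 3000;

// Only this origin may make credentialed (cookie-carrying) cross-origin
// requests. NOTE(review): hard-coded to the local dev front-end; presumably
// it needs to come from the environment for any other deployment.
const corsOptions = { origin: 'http://localhost:8080', credentials: true };
app.use(cors(corsOptions));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(cookieParser());

// Attributes used when setting the session cookies.
const cookiesOptions = {
  maxAge: 1000 * 60 * 60 * 24 * 30, // 30 days
  httpOnly: true, // not readable from page scripts
  // signed: true // cookie signing is not enabled
  sameSite: 'none', // together with `secure`, required for the cookie to be
  secure: true, //     sent on cross-site (front-end on another origin) requests
};

// Browsers only honour clearCookie when the attributes match those the
// cookie was set with (maxAge/expires excepted), so reuse them here.
const clearCookieOptions = { httpOnly: true, sameSite: 'none', secure: true };

// Utilities

/**
 * Session identifier as presented by the client: cookie first, then query
 * string, then body.
 * NOTE(review): accepting the token from the query string means it can end up
 * in server/proxy logs and Referer headers; cookie-only would be safer once
 * clients no longer rely on the fallback.
 * @param {import('express').Request} req
 * @returns {string|undefined}
 */
const getSessionId = function (req) {
  return req.cookies.session_id || req.query.session_id || req.body.session_id;
};

/**
 * User identifier as presented by the client, same precedence as
 * getSessionId. Only trustworthy after sessionChecker has validated it
 * against the session.
 * @param {import('express').Request} req
 * @returns {string|undefined}
 */
const getUserId = function (req) {
  return req.cookies.user_sid || req.query.user_sid || req.body.user_sid;
};

/**
 * Wraps an async route handler so a rejected promise reaches Express's error
 * handling instead of leaving the request hanging (Express 4 does not do this
 * on its own).
 * @param {Function} fn async (req, res, next) handler
 * @returns {Function} plain Express handler
 */
const asyncHandler = (fn) => (req, res, next) =>
  Promise.resolve(fn(req, res, next)).catch(next);

DB.getDB.then((DB) => {
  // Middleware: requires a session_id + user_sid pair that the DB confirms;
  // otherwise redirects to /login. On success the DB record is exposed as
  // req.userInfo.
  const sessionChecker = asyncHandler(async (req, res, next) => {
    const sessionId = getSessionId(req);
    const userSid = getUserId(req);
    if (!sessionId || !userSid) return res.redirect('/login');
    const userInfo = await DB.checkSessionOnDB(sessionId, userSid);
    req.userInfo = userInfo;
    if (!userInfo) return res.redirect('/login');
    return next();
  });

  // route for Home-Page
  app.get('/', sessionChecker, asyncHandler(async (req, res) => {
    if (req.userInfo) return res.json({ status: 'ok', userInfo: req.userInfo });
    return res.json({ status: 'ok' });
  }));

  /**
   * Signup: hashes the password with bcrypt (cost 10, per-hash salt), stores
   * the user and, on success, logs them straight in. Missing fields answer
   * {status: "fail"}; a failed insert redirects back to /signup.
   * `login` is defined below; it is only dereferenced at request time, after
   * this callback has finished initialising, so the const TDZ is not an issue.
   */
  const signup = async function (req, res) {
    const username = req.query.username || req.body.username;
    const password = req.query.password || req.body.password;
    const email = req.query.email || req.body.email;
    if (!username || !password || !email) return res.json({ status: 'fail' });
    const hashedPassword = await bcrypt.hash(password, 10);
    const success = await DB.newUser({ username, email, password: hashedPassword });
    if (success) return login(req, res);
    return res.redirect('/signup');
  };

  app
    .route('/signup')
    .get(asyncHandler(signup))
    .post(asyncHandler(signup));

  /**
   * Login: an already-valid session is redirected home; otherwise the
   * credentials are checked with bcrypt and a new session is created, returned
   * both as cookies and in the JSON body.
   * NOTE(review): the distinct "user not founded" / "incorrect password"
   * replies let a caller distinguish registered usernames from unknown ones;
   * they are kept because clients depend on the strings.
   * NOTE(review): the session token is the new session document's insertedId
   * (a MongoDB ObjectId, which is timestamp+counter based rather than an
   * unpredictable random value); generating the token with crypto.randomBytes
   * inside DB.newSession would be the place to harden this.
   * NOTE(review): credentials are also accepted from the query string, which
   * exposes them to logs; prefer the POST body.
   */
  const login = async function (req, res) {
    const sessionId = getSessionId(req);
    const userSid = getUserId(req);
    if (sessionId && userSid) {
      const userInfo = await DB.checkSessionOnDB(sessionId, userSid);
      if (userInfo) return res.redirect('/');
    }
    const username = req.body.username || req.query.username;
    const password = req.body.password || req.query.password || '';
    const user = await DB.getUser(username);
    if (!user) return res.json({ status: 'user not founded' });
    const samePass = await bcrypt.compare(password, user.password);
    if (!samePass) return res.json({ status: 'incorrect password' });
    const doc = await DB.newSession(user._id);
    res.cookie('user_sid', user._id, cookiesOptions);
    res.cookie('session_id', doc.insertedId, cookiesOptions);
    return res.json({
      status: 'ok',
      user_sid: user._id,
      session_id: doc.insertedId,
    });
  };

  app
    .route('/login')
    .get(asyncHandler(login))
    .post(asyncHandler(login));

  /**
   * Logout: clears both cookies with matching attributes (otherwise the
   * browser ignores the clear) and removes the session server-side before
   * redirecting, so a failed removal is reported rather than lost.
   */
  const logout = async function (req, res) {
    const sessionId = getSessionId(req);
    const userSid = getUserId(req);
    if (!sessionId || !userSid) return res.redirect('/login');
    res.clearCookie('session_id', clearCookieOptions);
    res.clearCookie('user_sid', clearCookieOptions);
    await DB.removeSession(sessionId);
    return res.redirect('/');
  };

  app.get('/logout', asyncHandler(logout));

  app.get('/post/', sessionChecker, asyncHandler(async (req, res) => {
    const posts = await DB.getPosts();
    return res.json(posts);
  }));

  // NOTE(review): a state-changing GET; with SameSite=None cookies any other
  // site can trigger it with the user's cookies attached (CSRF). Moving it to
  // POST with a CSRF token would close that; the path is kept for clients.
  app.get('/post/new', sessionChecker, asyncHandler(async (req, res) => {
    // user id was validated against the session by sessionChecker
    const post = { userid: getUserId(req), content: req.query.content };
    const postObj = new Post(post);
    // awaited so a failed insert is not answered with "ok"
    await DB.newPost(postObj);
    return res.json({ status: 'ok' });
  }));

  // route for handling 404 requests (unavailable routes)
  app.use(function (req, res, next) {
    res.status(404).send("Sorry can't find that!");
  });

  app.listen(port, () => {
    console.log(`Example app listening at http://localhost:${port}`);
  });
}).catch((err) => {
  // No DB means nothing can be served; fail loudly instead of leaving an
  // unhandled rejection.
  console.error('Failed to connect to the database', err);
  process.exit(1);
});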