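const {JwtVerify} = require("../services/JwtService");
const {getUserFromId} = require("../services/UserService");
const {log} = require("../utils/logging");

const UNAUTHORIZED = 401;
const FORBIDDEN = 403;
const UNAUTH_MESSAGE = 'Missing Authorization Header';
const INVALID_TOKEN_MESSAGE = 'Invalid or expired token.';

/**
 * Extracts the token from an `Authorization: Bearer <token>` header value.
 *
 * Returns `null` unless the value is exactly two whitespace-separated parts,
 * the scheme is `Bearer` (case-insensitive, per RFC 6750) and the token is
 * non-empty. The previous `authHeader.split(' ')[1]` accepted any scheme and
 * yielded `undefined` for a bare `Bearer` header, which was then passed to
 * the verifier as if it were a token.
 *
 * @param {unknown} authHeader - raw `Authorization` header value
 * @returns {string|null} the token, or `null` when the header is malformed
 */
function extractBearerToken(authHeader) {
  if (typeof authHeader !== 'string') {
    return null;
  }
  const parts = authHeader.trim().split(/\s+/);
  if (parts.length !== 2 || parts[0].toLowerCase() !== 'bearer' || parts[1] === '') {
    return null;
  }
  return parts[1];
}

/**
 * Verifies a token without ever throwing.
 *
 * `JwtVerify` is a project service; this file only shows that it yields
 * `false` for an invalid token and a payload with a `sub` claim otherwise.
 * Any other falsy result (null/undefined) and any thrown error are also
 * mapped to `false`, so a verifier failure can never be mistaken for a valid
 * token and an `async` middleware never leaves a request hanging on an
 * unhandled rejection.
 *
 * @param {string} token - the bearer token to verify
 * @returns {Promise<object|false>} the verified payload, or `false`
 */
async function verifyOrFalse(token) {
  try {
    const result = await JwtVerify(token);
    return result ? result : false;
  } catch (err) {
    // Do not echo the error detail to the client; the 403 below is enough.
    log('MIDDLEWARE', 'JWT', `JwtVerify threw: ${err && err.name}`);
    return false;
  }
}

/**
 * Express middleware: requires a valid bearer JWT.
 *
 * Responds 401 when the `Authorization` header is absent, 403 when the
 * header is malformed or the token does not verify, and otherwise stores the
 * verified payload on `req.jwtPayload` and calls `next()`.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
async function validateJWT(req, res, next) {
  log('MIDDLEWARE', 'JWT', `Vérification du jwt... (${req.ip})`);
  const authHeader = req.headers.authorization;
  if (!authHeader) {
    res.status(UNAUTHORIZED).json({message: UNAUTH_MESSAGE});
    return;
  }
  const bearerToken = extractBearerToken(authHeader);
  const payload = bearerToken === null ? false : await verifyOrFalse(bearerToken);
  if (payload === false) {
    log('MIDDLEWARE', 'CHECK', `Token invalide (${req.ip})`);
    res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
    return;
  }
  // Expose the verified claims so downstream middleware (isAdmin) can reuse
  // them instead of re-parsing and re-verifying the header.
  req.jwtPayload = payload;
  log('MIDDLEWARE', 'JWT', `Token valide. (${req.ip})`);
  next();
}

/**
 * Express middleware: requires the authenticated user to be an admin.
 *
 * Uses the payload left by `validateJWT` when present; otherwise verifies the
 * bearer token itself so the middleware is safe to mount on its own. The
 * previous implementation dereferenced `authHeader.split(...)` and
 * `payload.sub` unguarded, so a request with no header, or with a rejected
 * token, crashed the handler with a TypeError instead of returning 4xx.
 * Responds 401 for a missing header, 403 for an invalid token, a missing
 * `sub`, an unknown user or a non-admin user; a lookup error is forwarded to
 * `next(err)`.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
async function isAdmin(req, res, next) {
  log('MIDDLEWARE', 'ROLE', `Vérification du role... (${req.ip})`);
  let payload = req.jwtPayload;
  if (!payload) {
    const authHeader = req.headers.authorization;
    if (!authHeader) {
      res.status(UNAUTHORIZED).json({message: UNAUTH_MESSAGE});
      return;
    }
    const bearerToken = extractBearerToken(authHeader);
    payload = bearerToken === null ? false : await verifyOrFalse(bearerToken);
    if (payload === false) {
      log('MIDDLEWARE', 'CHECK', `Token invalide (${req.ip})`);
      res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
      return;
    }
  }
  // Only a scalar subject is a usable user id; an absent or structured `sub`
  // must not be handed to the user lookup.
  const subject = payload.sub;
  const hasUsableSubject = typeof subject === 'string' || typeof subject === 'number';
  let dbUser = null;
  if (hasUsableSubject) {
    try {
      dbUser = await getUserFromId(subject);
    } catch (err) {
      // A storage failure is a server error, not an authorization decision.
      return next(err);
    }
  }
  // Truthiness check kept on purpose: the stored `isAdmin` type is not visible
  // here (may be a boolean or a numeric flag) — TODO confirm against the model.
  if (!dbUser || !dbUser.isAdmin) {
    log('MIDDLEWARE', 'ROLE', `Non admin ou éxistant. (${req.ip})`);
    return res
      .type('application/json')
      .status(FORBIDDEN)
      .json({ error: 'Unauthorized' });
  }
  log('MIDDLEWARE', 'ROLE', `Accès admin validé. (${req.ip})`);
  next();
}

module.exports = { validateJWT, isAdmin };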