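const logger = require('../../utils/logger.js')
const dbtools = require('../../utils/dbtools.js')

// Request URLs that skip the session check. The middleware compares these
// against req.url with exact equality.
// NOTE(review): 'favicon' has no leading slash, so it only matches when req.url
// is exactly that string; a request for '/favicon.ico' is not exempted.
// Confirm the intended entry. Keep this list exact-match (no prefix or
// substring matching) so it cannot widen into an authentication bypass.
const exceptions = [
  'favicon',
  '/login'
]

/**
 * Builds the session-authentication middleware.
 *
 * @param {object} options
 * @param {*} options.authDB - database handle passed through to dbtools
 * @returns {function} middleware `(req, res, next)` that calls `next()` for
 *   exempted URLs and for requests whose `sessionID` cookie resolves to a
 *   user, and otherwise answers with a JSON "nouser" body.
 */
module.exports = function (options) {
  const { authDB } = options

  return function (req, res, next) {
    if (exceptions.includes(req.url)) {
      logger.DebugLog(`EXCEPTION: ${req.url}`, 'auth', 1)
      next()
      return
    }

    // Read the cookie defensively: if no cookie parser populated req.cookies,
    // treat the request as unauthenticated (fail closed) instead of throwing.
    const sessionID = req.cookies && req.cookies.sessionID

    const user = GetUserBySessionID(authDB, sessionID, req)

    // Record the time of this access on the 'sessions' row.
    // NOTE(review): nothing in this file reads lastAccess to expire idle
    // sessions — confirm that expiry is enforced elsewhere.
    if (sessionID) {
      dbtools.Update(authDB, 'sessions', {
        lastAccess: new Date().toString()
      }, {
        id: sessionID
      })
    }

    // The sessions table is deliberately not printed here. Session IDs are
    // bearer credentials: writing every row to stdout on each request copies
    // them into log storage, where anyone with log access could replay them,
    // and it also costs a full table read per request.

    // FIXME: invalidate when new ip or something
    if (user) {
      logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1)
      next()
      return
    }

    logger.DebugLog(`No user:${req.url}`, 'auth', 1)

    // res.render('login')
    // NOTE(review): no status code is set here, so the framework default is
    // used; clients have to inspect `result` to detect the unauthenticated
    // case. Consider a 401 once callers are confirmed to handle it.
    res.json({
      result: 'nouser',
      msg: 'You are not logged in'
    })
  }
}

/**
 * Resolves the user that owns a session.
 *
 * @param {*} db - database handle passed through to dbtools
 * @param {string|undefined} sessionID - value of the sessionID cookie
 * @param {object} req - current request (not used by the lookup)
 * @returns {object|undefined} the first matching 'users' row, or undefined
 *   when there is no session ID, no matching session, or no matching user
 */
function GetUserBySessionID (db, sessionID, req) {
  logger.DebugLog(`Getting user from db`, 'auth', 2)

  // Same truthiness test the middleware uses before touching the sessions
  // table, so an empty or null cookie value never reaches the query.
  if (!sessionID) {
    return
  }

  const session = dbtools.Select(db, 'sessions', { id: sessionID })[0]
  if (!session) {
    return
  }

  const user = dbtools.Select(db, 'users', { id: session.userID })[0]
  if (user) {
    return user
  }
}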