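const _ = require('lodash')
const config = require('../../../config')
const { User, Session } = require('../../database')
const JWT = require('jsonwebtoken')
const aguid = require('aguid')

module.exports = {
  /**
   * Signs a fresh JWT for the authenticated caller, reusing the session id from
   * the current claims, and sets that session's `endAt` to the new expiry.
   *
   * Responds 403 when the request has no user, or when the user or the session
   * named by the `sid` claim cannot be found; otherwise responds 200 with
   * `{ user, token }`.
   *
   * @param {object} req - request; reads `req.user.id` and `req.claims.sid`
   * @param {object} res - response used to send the status and body
   * @returns {Promise<*>} whatever `res.send` returns
   */
  post: async (req, res) => {
    if (!req.user) return res.status(403).send('Not logged in')

    const user = await User.findOne({ where: { id: req.user.id } })
    if (!user) return res.status(403).send(`Could not find user ${req.user.id}`)

    const sid = req.claims.sid
    // NOTE(review): the session is looked up by id alone. Nothing in this handler
    // checks that it belongs to `user`, or that it has not already ended or been
    // revoked. Confirm that upstream middleware enforces both before the session
    // lifetime is pushed forward here.
    const session = await Session.findOne({ where: { id: sid } })
    if (!session) return res.status(403).send(`Could not find session ${sid}`)

    // Flatten every role's comma-separated permission list into a { name: 1 } map.
    // compact() drops the '' entry that ''.split(',') yields for a role without
    // permissions, so the token never carries an empty-named claim.
    const roles = await user.getRoles({ paranoid: !config.hiddenRoles })
    const permissions = _.chain(roles)
      .map(role => (role.permissions || '').split(','))
      .flatten()
      .compact()
      .uniq()
      .map(permission => [permission, 1])
      .fromPairs()
      .value()

    const exp = Math.floor(Date.now() / 1000) + config.auth.jwtExpires
    // NOTE(review): `exp` is in seconds since the epoch; confirm `endAt` is stored
    // in the same unit rather than as a millisecond or Date value.
    session.endAt = exp
    await session.save()

    // Permission names share the top-level claim namespace with the token's own
    // fields. They are spread first so that `sid`, `exp` and `user` always win: a
    // role permission that happens to be called "sid" or "exp" can no longer
    // replace the real session id or expiry with 1.
    const token = JWT.sign(
      { ...permissions, sid, exp, user: user.sanitize() },
      config.auth.jwtSecret
    )

    return res.status(200).send({ user: user.sanitize(), token })
  }
}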