const crypto = require('crypto')
const uuid = require('uuid/v4')
const jwt = require('jsonwebtoken')
const SECRET = 'scale action palace measure'
const genSeed = uuid

const hashPassword = ({password, seed, email}) => {
  if (!password) throw new Error('Missing password')
  if (!seed) throw new Error('Missing seed')
  if (!email) throw new Error('Missing email')
  email = email.toLowerCase().trim()
  password = password.trim()
  const hash = crypto.createHash('sha256')
  hash.update(`${password},${seed},${email}`)
  const result = hash.digest('base64')
  return result
}

const createToken = user => jwt.sign(user, SECRET, { expiresIn: '2 days' })

const validate = token => jwt.verify(token, SECRET, { complete: true })

const authorize = (...claims) => (req, res, next) => {
  const reg = /^Bearer (.*)$/.exec(req.headers.authorization)
  let identity
  if (reg && (identity = validate(token))) {
    if (claims.every(claim => identity[claim])) {
      req.identity = identity
      next()
    } else {
      res.status(403).send('Access denied')
    }
  } else {
    res.status(401).send('Authorization required')
  }
}

module.exports = { hashPassword, genSeed, createToken, validate, authorize }