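// Account endpoints: sign-up, login and token renewal.
//
// Security notes for maintainers:
// - Stored user records carry the password hash and its per-user seed. Neither
//   is passed to log() or createToken() from this file (see withoutSecrets).
// - NOTE(review): hashPassword's algorithm is not visible here; confirm it is a
//   slow, salted KDF and not a single fast hash round.
// - NOTE(review): no throttling or lockout is visible on /login or /signup in
//   this file; confirm it is applied in ./app or upstream.
// - NOTE(review): the handlers throw on bad input; confirm ./app turns an
//   Error thrown from an async handler into a 4xx response instead of an
//   unhandled rejection.
const crypto = require('crypto');

const app = require('./app');
const db = require('./db');
const log = require('./log');
const { hashPassword, genSeed, authorize, createToken } = require('./security');

/**
 * Read a required string field from the request body.
 *
 * Rejects non-string values (objects, arrays, numbers from a JSON body) so
 * they never reach toLowerCase() or hashPassword().
 *
 * @param {object} body - Parsed request body.
 * @param {string} field - Field name to read.
 * @returns {string} The field value.
 * @throws {Error} `Missing <field>` when absent, empty or not a string.
 */
function requireString(body, field) {
  const value = body[field];
  if (typeof value !== 'string' || value === '') {
    throw new Error(`Missing ${field}`);
  }
  return value;
}

/**
 * Normalise an e-mail address into the key used for db.users.
 *
 * @param {string} raw - Address as submitted.
 * @returns {string} Lower-cased, trimmed address.
 * @throws {Error} `Missing email` when nothing is left after trimming.
 */
function normalizeEmail(raw) {
  const email = raw.toLowerCase().trim();
  if (!email) throw new Error('Missing email');
  return email;
}

/**
 * Copy a user/identity record without its credential material.
 *
 * @param {object} [record] - User record or token identity.
 * @returns {object} Shallow copy with `password` and `seed` removed.
 */
function withoutSecrets(record) {
  const { password, seed, ...rest } = record || {};
  return rest;
}

/**
 * Compare two password hashes without an early exit on the first differing
 * byte. Non-string values fall back to strict equality, which is what the
 * comparison did before.
 *
 * @param {*} candidate - Hash computed from the submitted password.
 * @param {*} stored - Hash stored on the user record.
 * @returns {boolean} True when the hashes are equal.
 */
function hashesMatch(candidate, stored) {
  if (typeof candidate !== 'string' || typeof stored !== 'string') {
    return candidate === stored;
  }
  const left = Buffer.from(candidate);
  const right = Buffer.from(stored);
  return left.length === right.length && crypto.timingSafeEqual(left, right);
}

// POST /signup: create a user keyed by normalised e-mail and return a token.
app.post('/signup', async (req, res) => {
  const name = requireString(req.body, 'name');
  const plainPassword = requireString(req.body, 'password');
  const submittedEmail = requireString(req.body, 'email');
  const email = normalizeEmail(submittedEmail);

  // NOTE(review): this response tells the caller whether an address is
  // registered; accept that or move to a uniform reply.
  const existing = await db.users.get(email);
  if (existing) throw new Error('User already exists.');

  const seed = genSeed();
  const password = hashPassword({ password: plainPassword, email, seed });

  // NOTE(review): the record keeps the address as submitted, while the db key
  // and the hash input use the normalised form.
  const user = {
    name,
    email: submittedEmail,
    password,
    seed,
    ip: req.ip,
    created: Date.now(),
  };
  await db.users.put(email, user);

  // The hash and seed stay in the database only. createToken's payload
  // handling is not visible here, so they are stripped before it and before
  // the log entry.
  // NOTE(review): confirm nothing downstream reads password/seed from the
  // token identity.
  const identity = withoutSecrets(user);
  log({ type: 'user-created', user: identity });
  res.status(200).send({ token: createToken(identity) });
});

// POST /login: verify the password and return a token, or a generic 400.
app.post('/login', async (req, res) => {
  const plainPassword = requireString(req.body, 'password');
  const email = normalizeEmail(requireString(req.body, 'email'));

  const user = await db.users.get(email);
  if (user) {
    const password = hashPassword({
      password: plainPassword,
      seed: user.seed,
      email,
    });
    if (hashesMatch(password, user.password)) {
      const identity = withoutSecrets(user);
      log({ type: 'login', user: identity });
      res.status(200).send({ token: createToken(identity) });
      return;
    }
  }

  // Same reply for an unknown address and a wrong password.
  // NOTE(review): no hash is computed for an unknown address, so response
  // time can still differ between the two cases.
  res.status(400).send({ error: 'Login failed' });
});

// POST /renew: exchange a token accepted by authorize() for a fresh one.
app.post('/renew', authorize(), async (req, res) => {
  // Tokens issued earlier may still carry password/seed; drop them on renewal.
  const identity = withoutSecrets(req.identity);
  log({ type: 'renew', user: { ...identity } });

  // Remove the old token's timestamps before re-issuing.
  // NOTE(review): `eat` is presumably the expiry claim written by
  // createToken; confirm the name against ./security.
  delete identity.eat;
  delete identity.iat;
  res.status(200).send({ token: createToken(identity) });
});

app.start();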