const errors = require('restify-errors');
const jwt = require('jsonwebtoken');

const config = require('../config');
const User = require('../models/user');

const {
  api: { url },
  security: { reset: { route, tokenPlaceholder } },
} = config;

const routes = {
  resetWithToken: `${route}/${tokenPlaceholder}([A-Za-z0-9_]+\.{3})`,
  getTestToken: `${route}/generate`,
};

module.exports = function (server, auth) {
	server.get(routes.getTestToken, auth.basic, function (req, res, next) {
    const { record: user } = req.user;
    const resetToken = user.generateAccountToken();
    const resetUrl = `${url}${route}/${resetToken}`;

    res.send({ resetToken, resetUrl });
    next();
	});

	server.post(routes.resetWithToken, auth.bypass, function (req, res, next) {
    const { reset_token } = req.params;
    const { body: { password } = {}} = req;

    if (!reset_token) {
      return next(
        new errors.InvalidContentError('A reset token was not provided.'),
      );
    }

    if (!password) {
      return next(
        new errors.InvalidContentError('Password cannot be empty.'),
      );
    }

    User.verifyTokenAndResetPassword(reset_token, password, (err, user, info) => {
      if (err) {
        console.error(err);
        return next(
          new errors.InvalidContentError(err),
        );
      }

      if (!user) {
        console.error(err);
        res.send({
          success: false,
          info: 'Password reset failed. ' + info,
        });
        return next();
      }

      res.send({
        success: true,
        info: 'Password reset successful.',
        ...user.toAuthJSON()
      });
      next();
    });
	});
};