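const asyncHandler = require("express-async-handler");
const bcrypt = require("bcryptjs");
// `jwt.sign` was already called below but the module was never required,
// which made every request to the token-checking route throw a ReferenceError.
const jwt = require("jsonwebtoken");
const User = require("../models/user.js");
const { body, validationResult } = require("express-validator");
const { default: mongoose } = require("mongoose");

/**
 * Validators shared by the create (POST) and update (PUT) routes.
 *
 * `.trim()` now runs before the length check, so whitespace-only input is
 * rejected instead of passing validation and then being trimmed to "".
 *
 * NOTE(review): `.escape()` HTML-escapes the password before it is hashed, so
 * "a&b" is stored as the hash of "a&amp;b". That only works if the login route
 * applies the same sanitizers before `bcrypt.compare`. It is kept here because
 * removing it would invalidate every existing hash -- confirm against the login
 * controller. bcrypt also ignores bytes past the 72nd; callers may want a `max`.
 */
const usernameValidator = body("username", "Please enter username!")
  .trim()
  .isLength({ min: 1 })
  .escape();
const passwordValidator = body("password", "Please enter password!")
  .trim()
  .isLength({ min: 1 })
  .escape();

/**
 * Returns the username the request's JWT_TOKEN cookie is valid for, or null
 * when the cookie is missing, malformed, expired or signed with another key.
 *
 * The original compared the cookie against a freshly signed token as strings;
 * that can never match because every `jwt.sign` embeds a new `iat`, and string
 * comparison is not how signatures are checked. `jwt.verify` does the real
 * signature + expiry check.
 *
 * NOTE(review): the claim name `originalUsername` is the only one visible in
 * this file; the route that issues JWT_TOKEN is elsewhere -- TODO confirm it
 * signs the same claim, otherwise this fails closed for everyone.
 *
 * @param {import("express").Request} req
 * @returns {string|null}
 */
function authenticatedUsername(req) {
  const token = req.cookies && req.cookies.JWT_TOKEN;
  if (typeof token !== "string" || token.length === 0) {
    return null;
  }
  try {
    // Throws on a bad signature, expiry, or an undefined SECRET_KEY; all of
    // those are treated as "not authenticated" rather than as a 500.
    const payload = jwt.verify(token, process.env.SECRET_KEY);
    const claimed = payload && payload.originalUsername;
    return typeof claimed === "string" ? claimed : null;
  } catch (err) {
    return null;
  }
}

/**
 * Sends a 400 with the validator errors and returns true, or returns false
 * when the body passed validation and the caller may continue.
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 * @returns {boolean} true if a response has already been sent
 */
function rejectInvalid(req, res) {
  const errors = validationResult(req);
  if (errors.isEmpty()) {
    return false;
  }
  // Message corrected: this is the user controller, not the comment one.
  res.status(400).json({
    message: "User produced validation errors!",
    errors: errors.array(),
  });
  return true;
}

// PUT /:username -- update the username and/or password of an existing user.
// (The original labelled this "C", but its body updates and replies "User updated!".)
exports.put = [
  usernameValidator,
  passwordValidator,
  asyncHandler(async (req, res) => {
    const target = req.params.username;

    // Only the authenticated owner may change the account. The original had no
    // check at all, so anyone could reset any user's password by username.
    // Authorization is checked before validation so unauthenticated callers
    // learn nothing about the validation rules.
    if (authenticatedUsername(req) !== target) {
      return res.status(403).json({ message: "Not authorized!" });
    }
    if (rejectInvalid(req, res)) {
      return;
    }

    const dbUser = await User.findOne({ username: target }).lean().exec();
    if (!dbUser) {
      // Original dereferenced `dbUser._id` unconditionally -> TypeError / 500.
      return res.status(404).json({ message: "User not found!" });
    }

    const { username, password } = req.body;

    // The new name is rejected only when some *other* account already uses it;
    // the original also returned 409 when a user kept their own name and only
    // changed the password. A unique index on `username` in the schema is the
    // real guard against the find/update race -- TODO confirm the model has one.
    const taken = await User.findOne({ username }).lean().exec();
    if (taken && String(taken._id) !== String(dbUser._id)) {
      return res.status(409).json({ message: "Username is taken!" });
    }

    // `$set` updates just these fields instead of sending a whole new document
    // (with `_id`) through findByIdAndUpdate.
    await User.findByIdAndUpdate(
      dbUser._id,
      { $set: { username, password: await bcrypt.hash(password, 10) } },
      {}
    ).exec();

    // NOTE(review): the JWT in the cookie still names the old username after a
    // rename, so the client will get 403 on further writes until it logs in
    // again; re-issuing the cookie here would need the login route's options.
    return res.status(200).json({ message: "User updated!" });
  }),
];

// GET /:username -- public lookup of a user by name.
exports.get = asyncHandler(async (req, res) => {
  // `-password` keeps the bcrypt hash out of the response; the original
  // returned the whole lean document, hash included.
  const user = await User.findOne({ username: req.params.username })
    .select("-password")
    .lean()
    .exec();
  if (!user) {
    return res.status(404).json({ message: "User not found!" });
  }
  return res.status(200).json({ user });
});

// POST -- register a new user.
// (The original labelled this "U", but its body does `user.save()` and replies
// "User created!". Its cookie check re-signed a token and compared strings,
// which cannot match, and a registration has no existing account to authorize
// against; authorization is enforced on the routes that mutate an existing
// account, PUT and DELETE.)
exports.post = [
  usernameValidator,
  passwordValidator,
  asyncHandler(async (req, res) => {
    if (rejectInvalid(req, res)) {
      return;
    }

    const { username, password } = req.body;

    // Check the *requested* name. The original looked up req.params.username,
    // so the name being registered was never checked for duplicates.
    const exists = await User.findOne({ username }).lean().exec();
    if (exists) {
      return res.status(409).json({ message: "Username is taken!" });
    }

    const user = new User({
      username,
      password: await bcrypt.hash(password, 10),
    });
    await user.save();
    return res.status(200).json({ message: "User created!" });
  }),
];

// DELETE /:username -- delete the authenticated user's own account.
exports.delete = asyncHandler(async (req, res) => {
  const target = req.params.username;

  // The original referenced an undeclared `originalUsername` (ReferenceError on
  // every call) and had no authorization at all.
  if (authenticatedUsername(req) !== target) {
    return res.status(403).json({ message: "Not authorized!" });
  }

  const deleted = await User.findOneAndDelete({ username: target }).exec();
  if (!deleted) {
    return res.status(404).json({ message: "User not found!" });
  }

  // A stateless JWT stays verifiable after the account is gone, so drop the
  // cookie. NOTE(review): clearCookie only matches if path/domain equal the
  // options used when the cookie was set -- confirm against the login route.
  res.clearCookie("JWT_TOKEN");
  // Message corrected from "Post deleted!" -- this route deletes a user.
  return res.status(200).json({ message: "User deleted!" });
});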