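var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var crypto = require('crypto');
var db = require('../db');
var middleware = require('./middleware');

// One message for both "unknown user" and "wrong password", so the login
// endpoint does not reveal which usernames exist.
var BAD_CREDENTIALS = 'Bad username/password.';

/**
 * True for a same-site absolute path such as "/foo". Rejects non-strings,
 * protocol-relative values ("//host", "/\host") and absolute URLs, so a
 * tampered session value cannot send the client off-site after login.
 * @param {*} p - candidate redirect target (expected to be a string path)
 * @returns {boolean}
 */
function isLocalPath(p) {
  return typeof p === 'string' &&
    p.charAt(0) === '/' &&
    p.charAt(1) !== '/' &&
    p.charAt(1) !== '\\';
}

/**
 * Passport-based authentication: session (de)serialisation, the local
 * username/password strategy, and the login/signup/logout/checkin routes.
 */
var auth = module.exports = {
  /** Registers the session serializer/deserializer and the local strategy. */
  init: function () {
    passport.serializeUser(auth.serializeUser);
    passport.deserializeUser(auth.deserializeUser);
    passport.use(new LocalStrategy(auth.verifyLocalUser));
  },

  /**
   * Mounts the auth routes on an Express-style app.
   * @param {object} app - application exposing get()/put()
   */
  route: function (app) {
    app.get('/login', function (req, res) {
      res.render('pages/login', { title: 'login' });
    });
    app.get('/signup', function (req, res) {
      res.render('pages/signup', { title: 'signup' });
    });
    app.get('/logout', auth.logout);
    // passport.authenticate('local') without a custom callback answers the
    // failure case itself, so this handler normally only runs for a
    // logged-in request; the bad-credentials branch is a fallback.
    app.put('/api/login', passport.authenticate('local'), function (req, res) {
      if (req.isAuthenticated()) {
        // presumably set by middleware.ensureAuthenticated before redirecting
        // to /login — verify against that module.
        var returnTo = req.session.returnTo;
        delete req.session.returnTo;
        console.log('>> logged in', req.user.get('username'));
        return res.json({
          status: 'OK',
          user: auth.sanitizeUser(req.user),
          // Only hand back a same-site path; anything else falls back to /index.
          returnTo: isLocalPath(returnTo) ? returnTo : '/index',
        });
      }
      res.json({ error: 'bad credentials' });
    });
    app.put('/api/checkin', middleware.ensureAuthenticated, auth.checkin);
  },

  /** Stores only the user id in the session. */
  serializeUser: function (user, done) {
    done(null, user.id);
  },

  /**
   * Restores the user for a session id. An unknown id yields `false`, which
   * tells passport to drop the session instead of treating it as a server
   * error (the old `done(!user, user)` passed `true` as the error). A db
   * failure is reported as the error argument.
   * @param {*} id - value stored by serializeUser
   * @param {function} done - passport callback (err, user|false)
   */
  deserializeUser: function (id, done) {
    db.getUser(id).then(function (user) {
      done(null, user || false);
    }, function (err) {
      done(err);
    });
  },

  /**
   * Compares the SHA-1 hex digest of `pw` with the stored password hash,
   * using a constant-time comparison so the check does not leak how many
   * leading characters matched.
   * NOTE(review): unsalted SHA-1 is not a suitable password hash. It is kept
   * so existing records keep verifying; stored hashes should be migrated to
   * a slow, salted KDF (e.g. crypto.scrypt) with a re-hash on next login.
   * @param {object} user - model instance exposing get('password')
   * @param {string} pw - plaintext password supplied at login
   * @returns {boolean} true only when both values are strings and the digests match
   */
  validPassword: function (user, pw) {
    var stored = user.get('password');
    if (typeof stored !== 'string' || typeof pw !== 'string') {
      return false;
    }
    var digest = crypto.createHash('sha1').update(pw).digest('hex');
    var a = Buffer.from(stored);
    var b = Buffer.from(digest);
    // timingSafeEqual throws on length mismatch; different lengths never match.
    return a.length === b.length && crypto.timingSafeEqual(a, b);
  },

  /**
   * passport-local verify callback. Looks the user up by username and checks
   * the password; an unknown user and a wrong password produce the same
   * failure (the previous version returned success before ever checking the
   * password). Database errors are reported through done(err).
   * @param {string} username
   * @param {string} password
   * @param {function} done - passport callback (err, user|false, info)
   */
  verifyLocalUser: function (username, password, done) {
    db.getUserByUsername(username).then(function (user) {
      if (!user || !auth.validPassword(user, password)) {
        return done(null, false, { message: BAD_CREDENTIALS });
      }
      return done(null, user);
    }, function (err) {
      done(err);
    });
  },

  /**
   * Returns a plain-object copy of the user with the password hash removed;
   * this copy is what gets sent to clients. The JSON round-trip turns a model
   * instance into plain data (assumes its JSON form carries a `password` key
   * — confirm against the db layer).
   * @param {object} req_user - authenticated user (req.user)
   * @returns {object} sanitized copy
   */
  sanitizeUser: function (req_user) {
    var user = JSON.parse(JSON.stringify(req_user));
    delete user.password;
    return user;
  },

  /** Responds with the sanitized current user; guarded by ensureAuthenticated. */
  checkin: function (req, res) {
    var user = auth.sanitizeUser(req.user);
    res.json(user);
  },

  /**
   * Ends the session and redirects to the root.
   * NOTE(review): passport >= 0.6 requires req.logout(callback); confirm the
   * installed passport version before relying on the synchronous form.
   */
  logout: function (req, res) {
    req.logout();
    res.redirect('/');
  },
};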