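const jwt = require('jsonwebtoken')
const User = require('../database/models/user')
const Role = require('../database/models/roles')

// NOTE(review): the JWT verification key is hard-coded in source, so anyone
// who can read the repository can produce tokens that `auth` accepts. Load it
// from deployment configuration shared with the code that signs tokens, and
// rotate the current value once that is in place.
const JWT_SECRET = 'ovoJeSecret'

/**
 * Reads the bearer token from the Authorization header.
 *
 * @param {object} req - Express request.
 * @returns {string} The header value with the 'Bearer ' prefix removed, or ''
 *   when the header is absent.
 */
const readBearerToken = (req) => {
  const header = req.header('Authorization')
  // A missing header used to raise a TypeError on `.replace`, which surfaced
  // as a server error in authRole instead of an authentication failure.
  if (typeof header !== 'string') {
    return ''
  }
  return header.replace('Bearer ', '')
}

/**
 * Express middleware that admits a request only when it carries a JWT that
 * verifies against JWT_SECRET.
 *
 * Responds 401 'Invalid token!' when verification fails; otherwise calls next().
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 * @param {Function} next - Express continuation callback.
 */
const auth = async (req, res, next) => {
  try {
    // jwt.verify throws on a missing, malformed, expired or wrongly signed token.
    // NOTE(review): consider passing an explicit `algorithms` allow-list here
    // once the algorithm used by the signing code is confirmed.
    jwt.verify(readBearerToken(req), JWT_SECRET)
  } catch (e) {
    // The raw error object was previously sent with the default 200 status,
    // which told clients the call succeeded and exposed verifier internals.
    return res.status(401).send('Invalid token!')
  }
  // Decoded claims are intentionally not written to the log.
  next()
}

/**
 * Express middleware that admits a request only when the presented token is
 * stored on a user whose role is Role.Admin.
 *
 * Responds 401 when the token is missing or matches no user, 403 when the
 * matching user is not an admin, and forwards unexpected errors to next(e).
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 * @param {Function} next - Express continuation callback.
 */
const authRole = async (req, res, next) => {
  try {
    const token = readBearerToken(req)
    if (!token) {
      return res.status(401).send('Invalid token!')
    }

    // NOTE(review): the token is only matched against stored values here; its
    // signature and expiry are not checked in this function. Confirm that
    // every route using authRole also runs `auth` first, or verify here.
    const findUser = await User.findOne({ 'tokens.token': token })
    if (!findUser) {
      return res.status(401).send('No user has the token provided!')
    }

    if (findUser['role'] !== Role.Admin) {
      return res.status(403).send('Access forbidden!')
    }

    console.log('User is admin!')
    next()
  } catch (e) {
    next(e)
  }
}

module.exports = {
  auth,
  authRole
}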