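'use strict'
import botService from '../../src/data/bots/{id}'
import { authenticate, checkRole } from '../../auth'
import { Operation } from 'express-openapi'

/**
 * Turns a caught value into the status and body of the error reply.
 *
 * The original handlers passed `error.code` straight to `res.status()`. A
 * non-HTTP code (for example a string such as a Node system error code) makes
 * the response write throw inside the `catch` block, leaving the async
 * handler with an unhandled rejection and the request without a reply.
 *
 * Only codes in the 400-599 range are honoured; the message that came with
 * them is passed through unchanged. Anything else is treated as an unexpected
 * failure: it is logged server-side and the client receives a generic body,
 * so internal error text is not disclosed.
 *
 * @param error - Whatever the `try` block threw; may be any value.
 * @returns The HTTP status to set and the body to send.
 */
function toErrorReply(error: unknown): { status: number; message: unknown } {
  const { code, message } =
    typeof error === 'object' && error !== null
      ? (error as { code?: unknown; message?: unknown })
      : { code: undefined, message: undefined }

  // Numeric strings are accepted because the original forwarded them as-is.
  const status =
    typeof code === 'number' || typeof code === 'string' ? Number(code) : NaN

  if (Number.isInteger(status) && status >= 400 && status <= 599) {
    // NOTE(review): presumably botService sets `code` only on errors whose
    // message is meant for the client; confirm against the service.
    return { status, message }
  }

  console.error('Unexpected error in bot operation', error)
  return { status: 500, message: 'Internal Server Error' }
}

/**
 * Builds the GET, PUT and DELETE operations for a single bot.
 *
 * Each operation runs behind `authenticate(['allowed-users', 'bot-token'])`
 * and then applies its own role check: `view` for GET, `copywrite` for PUT and
 * `admin` for DELETE. A request whose `req.user.isAllowedUser` is truthy
 * skips the role check.
 *
 * NOTE(review): the handlers assume `authenticate` has populated `req.user`;
 * confirm that it never calls through without doing so.
 * NOTE(review): a caller that is authenticated but lacks the role is answered
 * with 401. 403 is the conventional status for that case; it is left as 401
 * here because clients may depend on it.
 *
 * @returns The operation map consumed by express-openapi.
 */
export default function() {
  /** Returns the bot, annotated with the caller's effective role. */
  const GET: Operation = async (req, res, next) => {
    const { isAllowedUser, role } = req.user
    if (!isAllowedUser && !checkRole(role, 'view')) {
      const msg = 'No permission to get bot'
      console.error(msg)
      res.status(401).send(msg)
      return
    }
    try {
      const data = await botService.getBot(req)
      // Allowed users are reported as 'admin'; everyone else keeps their role.
      data.bot.userRole = isAllowedUser ? 'admin' : role
      res.status(200).json(data.bot)
    } catch (error) {
      const { status, message } = toErrorReply(error)
      res.status(status).send(message)
    }
  }

  /** Updates the bot; requires the 'copywrite' role or an allowed user. */
  const PUT: Operation = async (req, res, next) => {
    const { isAllowedUser, role } = req.user
    if (!isAllowedUser && !checkRole(role, 'copywrite')) {
      console.error('No permission to update bot')
      res.status(401).send('Unauthorized')
      return
    }
    try {
      res.status(200).json(await botService.putBot(req))
    } catch (error) {
      const { status, message } = toErrorReply(error)
      res.status(status).json(message)
    }
  }

  /** Deletes the bot; requires the 'admin' role or an allowed user. */
  const DELETE: Operation = async (req, res, next) => {
    const { isAllowedUser, role } = req.user
    if (!isAllowedUser && !checkRole(role, 'admin')) {
      console.error('No permission to delete bot')
      res.status(401).send('Unauthorized')
      return
    }
    try {
      res.status(200).json(await botService.deleteBot(req))
    } catch (error) {
      const { status, message } = toErrorReply(error)
      res.status(status).json(message)
    }
  }

  return {
    GET: [authenticate(['allowed-users', 'bot-token']), GET],
    PUT: [authenticate(['allowed-users', 'bot-token']), PUT],
    DELETE: [authenticate(['allowed-users', 'bot-token']), DELETE]
  }
}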