'use strict'

import usersService from '../src/data/users'
import { isAuthEnabled, initAllowedUsers, authenticate, checkRole } from '../auth'
import { Operation } from 'express-openapi'

export default function() {
  const GET: Operation = async (req, res, next) => {
    const { isAllowedUser, role } = req.user

    if (!isAllowedUser && !checkRole(role, 'admin')) {
      const msg = 'No permission to get user'
      console.error(msg)
      res.status(401).send(msg)
    } else {
      try {
        res.status(200).json(await usersService.getUsers())
        if (isAuthEnabled()) {
          await initAllowedUsers()
        }
      } catch (error) {
        console.error(error)
        res.status(error.code).send(error.message)
      }
    }
  }

  const POST: Operation = async (req, res, next) => {
    const { isAllowedUser, role } = req.user

    if (!isAllowedUser && !checkRole(role, 'admin')) {
      const msg = 'No permission to post user'
      console.error(msg)
      res.status(401).send(msg)
    } else {
      try {
        res.status(200).json(await usersService.postUser(req))
        if (isAuthEnabled()) {
          await initAllowedUsers()
        }
      } catch (error) {
        console.error(error)
        res.status(error.code).send(error.message)
      }
    }
  }

  return {
    GET: [authenticate(['allowed-users', 'bot-token']), GET],
    POST: [authenticate(['allowed-users', 'bot-token']), POST]
  }
}