const {verifyToken, generateAccesToken, generateRefreshToken} = require("./auth");

const auth = (req, res, next) => {
    const refreshToken = req.cookies.refreshToken;
    const accessToken = req.cookies.accessToken;
    const permtoken = req.cookies.permtoken;
    if(!refreshToken && !accessToken && !permtoken) return res.status(401).json({error: "Unauthorized"});

    if(accessToken){
        const result = verifyToken(accessToken);
        if(result.user){
            req.user = result.user;
            return next();
        }
    }

    else if(refreshToken && !accessToken){
        const result = verifyToken(refreshToken);
        if(result != false){
            //create new access token
            const newAccessToken = generateAccesToken(result.user);
            res.cookie("accessToken", newAccessToken, {httpOnly: true});
        }
        if(result.user){
            req.user = result.user;
            return next();
        }
    }

    else if(permtoken){
        const result = verifyToken(permtoken);
        if(result != false){
            //create new access token
            const newAccessToken = generateAccesToken(result.user);
            res.cookie("accessToken", newAccessToken, {httpOnly: true});

            //create new refresh token
            const newRefreshToken = generateRefreshToken(result.user);
            res.cookie("refreshToken", newRefreshToken, {httpOnly: true});
        }
        if(result.user){
            req.user = result.user;
            return next();
        }
    }

    return res.status(401).json({error: "Unauthorized"});
}

module.exports = auth;