require('dotenv').config()
const express = require('express')
const jwt = require('jsonwebtoken')
const passport = require('passport')
const GoogleStrategy = require('passport-google-oauth20').Strategy
const fs = require('fs')
const publicKey = fs.readFileSync('jwtRS256.key.pub', 'utf8')
const privateKey = fs.readFileSync('jwtRS256.key', 'utf8')
var knex = require('knex')({
  client: 'pg',
  connection: process.env.TWIGGY_DB
})

passport.serializeUser((user, done) => {
  done(null, user)
})

// Setup Passport
passport.use(
  new GoogleStrategy({
    clientID: process.env.GOOGLE_CLIENT_ID,
    clientSecret: process.env.GOOGLE_CLIENT_SECRET,
    callbackURL: process.env.CALLBACK_URL
  }, (accessToken, refreshToken, profile, done) => {
    const email = profile.emails[0].value
    knex('users').where({email: email}).first().then((user) => {
      // !currentUser, pass it on
      if(user){
        console.log('currentUser is: ', user);
        done(null, user);
      } else {
        // !currentUser, create user in our db
        knex('users')
        .insert({
          email: email,
        })
        .returning(['id', 'email'])
        .then((user) => {
          console.log('newUser: ', user[0])
          done(null, user[0])
        })
      }
    })
  })
)

const app = express()
app.use(passport.initialize())

app.get('/', (req, res) => {
  res.send('Oauth2')
})

app.get('/oauth2', passport.authenticate('google', {
  scope: ['profile', 'email'],
  hostedDomain: process.env.HOSTED_DOMAIN
}))

// Set a function for our JWT token
const token = (userId, email, rolesArray) => {
  // Set our JWT claims
  let claims = {
    sub: userId,
    email: email,
    'https://hasura.io/jwt/claims': {
      'x-hasura-default-role': rolesArray.includes('admin') ? 'admin': 'user',
      'x-hasura-user-id': userId,
      'x-hasura-allowed-roles': rolesArray
    }
  }

  // Sign the JWT and pass onto the REDIRECT_URL
  const token = jwt.sign(claims, privateKey, { algorithm: 'RS256' })
  // Check that we can decode things!
  const decoded = jwt.verify(token, publicKey)
  console.log(decoded)
  return token
}

app.get('/redirect', passport.authenticate('google'), (req, res) => {
  // Get our roles from the DB then once resolved set our claims and redirect
  knex
  .select('name')
  .from('roles')
  .leftJoin('users_roles', 'roles.id', 'users_roles.role_id')
  .where({ 'users_roles.user_id': req.user.id })
  .then((roles) => {
    // Map the roles return to an array of names
    const rolesArray = roles.map(role => role.name)
    // Now redirect
    res.redirect(`${process.env.REDIRECT_URL}?token=${token(req.user.id, req.user.email, rolesArray)}`)
  })
})

const port = process.env.PORT || 3000
app.listen(port, () => {
  console.log(`app now listening for requests on port ${port}`)
})