const express = require("express");
const router = express.Router();
const error = require("./utils/error");
const models = require("../models");
const crypto = require("crypto");
const Message = require("emailjs").Message;


async function checkToken(req, res, token) {
    let user = await models.User.findOne({where: {passwordToken: token}});
    if (!user)
        return error(req, res, "Can't reset password", 400, "Invalid token");
    else if (user.passwordTokenDate && ((new Date().getTime() - user.passwordTokenDate.getTime())/1000 > 3600))
        return error(req, res, "Can't reset password", 400, "Token expired");
    else
        return user;
}


router.get("/", async (req, res) => {
    if (req.session.user)
        res.redirect("/");
    else
        if (!req.query.token)
            res.render("forget", {title: "SOD - Forget password"});
        else {
            if (await checkToken(req, res, req.query.token))
                res.render("forget", {title: "SOD - Change password", token: req.query.token})
        }
}).post("/", async (req, res) => {
    if (req.body.email && !req.body.password && !req.body.token) {
        let user = await models.User.findOne({where: {email: req.body.email}});
        let config = req.app.get("config");

        if (!user)
            return error(req, res, "Can't reset password", 400, "Invalid email");

        let token = crypto.randomBytes(16).toString("hex");
        while (await models.User.findOne({where: {passwordToken: token}}))
            token = crypto.randomBytes(16).toString("hex");

        req.app.get("mailClient").send( new Message({
            text: res.__("profile.forgetPasswordMessage", `${req.protocol}://${req.hostname}/forget?token=${token}`),
            from: config.email.from,
            to: user.email,
            subject: res.__("forgetPassword")
        }), async (err, message) => {
            if (err)
                return error(req, res, "Fail to send message !", 500,
                    req.app.get("env") !== "production" ? err : undefined);
            else {
                user.passwordToken = token;
                user.passwordTokenDate = new Date();
                await user.save();
                res.redirect("/");
            }
        });
    } else if (req.body.password && req.body.token && !req.body.email) {
        let user = await checkToken(res, res, req.body.token);
        if (user) {
            user.passwordToken = null;
            user.passwordTokenDate = null;
            user.passwordHash = req.body.password;
            await user.save();
            res.redirect("/login");
        }
    } else
        return error(req, res, "Can't change password", 400, "Invalid args");
});

module.exports = router;