const AuthAPI = require('../AuthAPI')

const ReadMethods = { GET: true, HEAD: true }

/**
 * Sets req.user from the payload in the auth token in the request.
 */
function userToken(req, res, next) {
  if (req.user) {
    return next()
  }

  const token = (ReadMethods[req.method] ? req.query : req.body).token

  if (!token) {
    req.user = null
    return next()
  }

  AuthAPI.verifyToken(token).then(
    payload => {
      req.user = payload
      next()
    },
    error => {
      if (error.name === 'JsonWebTokenError') {
        res.status(403).send({
          error: `Bad auth token: ${error.message}`
        })
      } else {
        console.error(error)

        res.status(500).send({
          error: 'Unable to verify auth'
        })
      }
    }
  )
}

module.exports = userToken