var express = require('express');
var router = express.Router();

var Invite = require('../models/Invite.js');

var requireScope = function (perm) {
    return function(req, res, next) {
        User.findOne({username: req.session.passport.user}, function(err, user) {
            if (err) throw err;
            if (user.scope.indexOf(perm) === -1)
                res.status(400).json({'message': 'No permission.'});
            else
                next();
        });
    }
};

router.post('/create', function (req, res) {
    if (!req.body.scope) {
        res.status(400).json({'message': 'Bad request.'});
        return;
    }

    var scope;
    try {
        scope = JSON.parse(req.body.scope);
    } catch (e) {
        res.status(500).json({'message': e.name + ': ' + e.message});
        return;
    }

    var expiry = req.body.exp;
    if (!expiry || expiry < Date.now())
        expiry = 0;

    var entry = {
        code: crypto.randomBytes(12).toString('hex'),
        scope: scope,
        issuer: req.session.passport.user,
        issued: Date.now(),
        exp: expiry
    };

    Invite.create(entry, function (err) {
        if (err) {
            throw err;
        } else {
            res.status(200).json({
                code: entry.code,
                scope: entry.scope
            });
        }
    })
});

router.get('/get', function (req, res, next) {
    var query = {issuer: req.session.passport.user};

    if (req.body.code)
        query.code = req.body.code;

    Invite.find(query, function (err, invites) {
        if (err) {
            next(err);
        } else {
            res.status(200).json(invites);
        }
    })
});

router.post('/delete', function (req, res, next) {
    Invite.deleteOne({code: req.body.code}, function (err) {
        if (err) next(err);
        else res.status(200).json({'message': 'Successfully deleted.'});
    });
});

module.exports = router;