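// Router for content routes: public read routes first, then moderator-only
// write routes. Routes are wired one by one because the read routes must stay
// reachable without authentication.
const express = require('express');
const router = express.Router();
const cors = require('cors');

// Authentication middleware. The moderator gate below reads req.user, which is
// presumably populated by this middleware (confirm in ../utilities/token-auth).
const authToken = require('../utilities/token-auth');

// Route handlers.
const query = require('./query');
const publish = require('./publish');
const edit = require('./edit');
const remove = require('./remove');

// Public read routes. They are registered BEFORE the authentication middleware,
// so registration order is what keeps them unauthenticated. cors() with no
// options allows any origin and sends no credentials header.
// query(a, b): the first flag is true only on the /archive paths and the second
// only on the /metadata paths (meaning inferred from the paths; confirm in ./query).
// NOTE(review): in Express 5 path syntax the braces make the id optional, so
// each of these paths also matches without an id.
router.get('/{:id}', cors(), query(false, false));
router.get('/archive/{:id}', cors(), query(true, false));
router.get('/metadata/{:id}', cors(), query(false, true));
router.get('/archive/metadata/{:id}', cors(), query(true, true));

// Everything registered below this point requires authentication.
// Credentialed CORS is restricted to the single configured web origin
// (original note: "because auth-server").
// NOTE(review): if WEB_ORIGIN is unset, the template literal yields the string
// "undefined", so no real browser origin is allowed and the failure is silent;
// deployments should verify the variable is set.
// NOTE(review): CORS only governs what browsers may read cross-origin; the
// access control for these routes is authToken plus the moderator gate.
const corsHeaders = ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'Set-Cookie'];
router.use(cors({
  credentials: true,
  origin: [`${process.env.WEB_ORIGIN}`],
  allowedHeaders: [...corsHeaders],
  exposedHeaders: [...corsHeaders],
}));

router.use(authToken);

// Moderator gate: only users flagged as moderators may reach the write routes.
router.use((req, res, next) => {
  // Optional chaining makes the gate fail closed with 403 when req.user is
  // missing, instead of throwing a TypeError that would surface as a 500.
  if (req.user?.mod) {
    next();
    return;
  }
  res.status(403).end();
});

// Authenticated, moderator-only write routes. Any route added here inherits the
// gate above; a route meant to be public must be registered before it.
// NOTE(review): the optional id means PATCH and DELETE can arrive without one;
// edit and remove need to reject a missing req.params.id (confirm in handlers).
router.post('/', publish);
router.patch('/{:id}', edit);
router.delete('/{:id}', remove);

module.exports = router;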