/**
 *                        WHITEBOPHIR
 *********************************************************
 * @licstart  The following is the entire license notice for the
 *  JavaScript code in this page.
 *
 * Copyright (C) 2013  Ophir LOJKINE
 *
 *
 * The JavaScript code in this page is free software: you can
 * redistribute it and/or modify it under the terms of the GNU
 * General Public License (GNU GPL) as published by the Free Software
 * Foundation, either version 3 of the License, or (at your option)
 * any later version.  The code is distributed WITHOUT ANY WARRANTY;
 * without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU GPL for more details.
 *
 * As additional permission under GNU GPL version 3 section 7, you
 * may distribute non-source (e.g., minimized or compacted) forms of
 * that code without the copy of the GNU GPL normally required by
 * section 4, provided you include this license notice and a URL
 * through which recipients can access the Corresponding Source.
 *
 * @licend
 */

(config = require("./configuration.js")),
  (jsonwebtoken = require("jsonwebtoken"));

/**
 * This function checks if a board name is set in the roles claim.
 * Returns true of the board name is set in the JWT and the board name matches the board name in the URL
 * @param {string} url
 * @param {string} boardNameIn
 @returns {boolean} - True if user does not have the role forbidden false if the user hase the role forbidden
 @throws {Error} - If no boardname match
 */

function checkBoardnameInToken(url, boardNameIn) {
  var token = url.searchParams.get("token");
  if (roleInBoard(token, boardNameIn) === "forbidden") {
    throw new Error("Acess Forbidden");
  }
}

function parse_role(role) {
  let [_, role_name, board_name] = role.match(/^([^:]*):?(.*)$/);
  return { role_name, board_name };
}

/**
 * This function checks if a oard name is set in the roles claim.
 * Returns string depending on the role in the board
 * @param {string} token
 * @param {string} board
 @returns {string}  "moderator"|"editor"|"forbidden"
 */
function roleInBoard(token, board = null) {
  if (config.AUTH_SECRET_KEY != "") {
    if (!token) {
      throw new Error("No token provided");
    }
    var payload = jsonwebtoken.verify(token, config.AUTH_SECRET_KEY);

    var roles = payload.roles;
    var oneHasBoardName = false;
    var oneHasModerator = false;

    if (roles) {
      for (var line of roles) {
        var role = parse_role(line);

        if (role.board_name !== "") {
          oneHasBoardName = true;
        }
        if (role.role_name === "moderator") {
          oneHasModerator = true;
        }
        if (role.board_name === board) {
          return role.role_name;
        }
      }
      if ((!board && oneHasModerator) || !oneHasBoardName) {
        if (oneHasModerator) {
          return "moderator";
        } else {
          return "editor";
        }
      }
      return "forbidden";
    } else {
      return "editor";
    }
  } else {
    return "editor";
  }
}

module.exports = { checkBoardnameInToken, roleInBoard };