const basicAuth = require("express-basic-auth")
const passwordHash = require("./password-hash");
const { R } = require("redbean-node");
const { setting } = require("./util-server");
const { debug } = require("../src/util");

/**
 *
 * @param username : string
 * @param password : string
 * @returns {Promise<Bean|null>}
 */
exports.login = async function (username, password) {
    let user = await R.findOne("user", " username = ? AND active = 1 ", [
        username,
    ])

    if (user && passwordHash.verify(password, user.password)) {
        // Upgrade the hash to bcrypt
        if (passwordHash.needRehash(user.password)) {
            await R.exec("UPDATE `user` SET password = ? WHERE id = ? ", [
                passwordHash.generate(password),
                user.id,
            ]);
        }
        return user;
    }

    return null;
}

function myAuthorizer(username, password, callback) {

    setting("disableAuth").then((result) => {

        if (result) {
            callback(null, true)
        } else {
            exports.login(username, password).then((user) => {
                callback(null, user != null)
            })
        }
    })

}

exports.basicAuth = basicAuth({
    authorizer: myAuthorizer,
    authorizeAsync: true,
    challenge: true,
});