var log = require('log4node');
var mongoose = require('mongoose');
var User = mongoose.model('User');
var request = require('request');
var jwt = require('jwt-simple');
var moment = require('moment');

var ACCESS_TOKEN_URL = 'https://accounts.google.com/o/oauth2/token';
var PEOPLE_API_URL = 'https://www.googleapis.com/plus/v1/people/me/openIdConnect';

module.exports = function (app, passport, config) {

  function createJWT(user) {
    var payload = {
      sub: user._id,
      iat: moment().unix(),
      exp: moment().add(14, 'days').unix()
    };

    return jwt.encode(payload, config.auth.jwtSecret);
  }

  app.post('/auth2', function (req, res) {
    var params = {
      code: req.body.code,
      client_id: req.body.clientId,
      client_secret: config.auth.clientSecret,
      redirect_uri: req.body.redirectUri,
      grant_type: 'authorization_code'
    };

    request.post(ACCESS_TOKEN_URL, {json: true, form: params}, function (err, response, token) {
      console.log(token);

      var accessToken = token.access_token;
      var headers = {
        Authorization: 'Bearer ' + accessToken
      };

      request.get({url: PEOPLE_API_URL, headers: headers, json: true}, function (err, response, profile) {
        if (profile.error) {
          return res.status(500).send({message: profile.error.message});
        }

        User.findOne({email: profile.email.toLowerCase()}, function (err, user) {
          if (err) {
            return res.status(500).send(err);
          }

//          if (!user || !user.hasPermission('system.login')) {
//            return res.status(403).send({message: "You are not authorized to access this portal."});
//          }

          user.accessToken = token.access_token;

          if (token.refresh_token) {
            user.refreshToken = token.refresh_token;
          }

          if (profile.given_name) {
            user.name.first = profile.given_name;
          }

          if (profile.family_name) {
            user.name.last = profile.family_name;
          }

          if (profile.picture) {
            user.picture = profile.picture.replace('?sz=50', '');
          }

          user.save()
            .then(function () {
              res.send({token: createJWT(user)});
            });
        });
      });
    })
  });


  app.get('/auth', function (req, res, next) {
    console.dir(req.headers);
    req.session.redirectUrl = req.headers['referer'];

    passport.authenticate('google', {
      accessType: 'offline',
      scope: [
        'https://www.googleapis.com/auth/userinfo.profile',
        'https://www.googleapis.com/auth/userinfo.email',
        'https://www.googleapis.com/auth/calendar'
      ]
    })(req, res, next);
  });

  app.get('/auth/callback', function (req, res, next) {

    var callbackHost = req.headers['x-forwarded-host'];
    if (!callbackHost) {
      callbackHost = "localhost:9000";
    }

    var options = {
      callbackURL: 'http://' + callbackHost + '/auth/callback'
    };
    passport.authenticate('google', options, function (err, user, info) {
      var redirectUrl = '/';

      if (err) {
        return next(err);
      }
      if (!user) {
        return res.redirect('/login/error');
      }

      log.setPrefix("[%d] %l ");
      log.info("User Logged In: %s %s", user.name.first, user.name.last);

      res.cookie('atlbid', JSON.stringify(user._id), {signed: true});

      if (req.session.redirectUrl) {
        redirectUrl = req.session.redirectUrl;
        req.session.redirectUrl = null;
      }

      if (redirectUrl.indexOf('/login') != -1) {
        redirectUrl = '/';
      }

      req.logIn(user, function (err) {
        if (err) {
          return next(err);
        }
      });

      res.redirect(redirectUrl);
    })(req, res, next);
  });

  function createAuthenticator(error) {
    return function (req, res, next) {
      var onError = function () {
        error(req, res, next);
      };

      var onSuccess = function (user) {
        log.setPrefix(function (level) {
          return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + user.name.first + ' ' + user.name.last + ' | ';
        });
        next();
      }

      if (!req.isAuthenticated()) {
        if (!req.headers.authorization) {
          return onError();
        }

        var token = req.headers.authorization.split(' ')[1];
        var payload = null;
        try {
          payload = jwt.decode(token, config.auth.jwtSecret);
        } catch (err) {
          return onError();
        }

        console.log(payload);

        if (payload.exp <= moment().unix()) {
          return onError();
        }

        User.findById(payload.sub, function (err, user) {
          if (user) {
            console.log('Loaded User');
            req.user = user;
            onSuccess(user);
          } else {
            onError();
          }
        });
      } else {
        onSuccess(req.user);
      }
    }
  }

  return {
    requiresUiLogin: createAuthenticator(function (req, res, next) {
      res.redirect('/login');
    }),

    requiresApiAccess: createAuthenticator(function (req, res, next) {
      res.send(403);
    })
  };

  /*
   return {
   requiresUiLogin: function(req, res, next) {
   if (!req.isAuthenticated()) {
   return res.redirect('/login');
   }

   log.setPrefix(function(level) {
   return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + req.user.name.first + ' ' + req.user.name.last + ' | ';
   });
   next();
   },
   requiresApiAccess: function(req, res, next) {
   if (!req.isAuthenticated()) {
   return res.send(403);
   }

   log.setPrefix(function(level) {
   return '[' + new Date().toUTCString() + '] ' + level.toUpperCase() + ' ' + req.user.name.first + ' ' + req.user.name.last + ' | ';
   });
   next();
   }
   };
   */
};