const path = require('path');
const express = require('express');
const session = require('express-session');
const expressLayouts = require('express-ejs-layouts');
const SqliteStoreFactory = require('better-sqlite3-session-store');
const { csrfSync } = require('csrf-sync');
const pinoHttp = require('pino-http');

const { db } = require('../db');
const SqliteStore = SqliteStoreFactory(session);

const app = express();

app.set('view engine', 'ejs');
app.set('views', path.join(__dirname, 'views'));
app.set('layout', 'layout');
app.use(expressLayouts);
app.set('trust proxy', 1);

app.use(pinoHttp());

app.use(express.urlencoded({ extended: false }));
app.use(express.json());

// Static assets (CSS, JS, vendor).
app.use('/static', express.static(path.join(__dirname, '..', 'public'), { maxAge: '1h' }));

// Cover art is served statically; audio goes through /stream/:id for Range support + access control later.
const mediaDir = process.env.MEDIA_DIR || path.join(__dirname, '..', 'media');
app.use('/media/covers', express.static(path.join(mediaDir, 'covers'), { maxAge: '1d' }));

app.use(session({
  store: new SqliteStore({
    client: db,
    expired: { clear: true, intervalMs: 15 * 60 * 1000 },
  }),
  secret: process.env.SESSION_SECRET || 'dev-insecure-secret-change-me',
  resave: false,
  saveUninitialized: false,
  cookie: {
    httpOnly: true,
    sameSite: 'lax',
    maxAge: 30 * 24 * 60 * 60 * 1000,
    secure: false, // flip to true behind HTTPS
  },
}));

const { csrfSynchronisedProtection, generateToken } = csrfSync({
  getTokenFromRequest: (req) => req.body && req.body._csrf,
});

// Attach helpers for templates.
app.use((req, res, next) => {
  res.locals.user = req.session.user || null;
  res.locals.flash = req.session.flash || null;
  delete req.session.flash;
  res.locals.csrfToken = generateToken(req);
  res.locals.currentPath = req.path;
  next();
});

// Flash helper.
app.use((req, _res, next) => {
  req.flash = (type, message) => {
    req.session.flash = { type, message };
  };
  next();
});

// Routes.
app.use('/', require('./routes/public'));
app.use('/', require('./routes/auth')(csrfSynchronisedProtection));
app.use('/account', require('./routes/account')(csrfSynchronisedProtection));
app.use('/admin/users', require('./routes/users-admin')(csrfSynchronisedProtection));
app.use('/admin', require('./routes/admin')(csrfSynchronisedProtection));

// 404.
app.use((req, res) => {
  res.status(404).render('error', { title: 'Not found', message: 'Page not found.' });
});

// Error handler.
// eslint-disable-next-line no-unused-vars
app.use((err, req, res, _next) => {
  req.log ? req.log.error({ err }, 'request failed') : console.error(err);
  const status = err.status || 500;
  res.status(status).render('error', {
    title: status === 403 ? 'Forbidden' : 'Error',
    message: err.expose ? err.message : (status === 403 ? 'Forbidden.' : 'Something went wrong.'),
  });
});

module.exports = app;