// Heavily based on:
// https://github.com/TomDoesTech/REST-API-Tutorial-Updated/blob/7b5f040e1acd94d267df585516b33ee7e3b75f70/src/middleware/deserializeUser.ts
import { get } from 'lodash';
import { Request, Response, NextFunction } from 'express';
import * as jwt from '../tools/jwt';

/**
 * Express middleware that copies the result of `jwt.verifyJwt` into
 * `res.locals.user` when the request carries an access token that the
 * verifier accepts.
 *
 * This middleware identifies the caller but does not enforce authentication:
 * a missing token, or one the verifier returns a falsy value for, still
 * reaches `next()` with `res.locals.user` left unset. Routes that require a
 * logged-in user need their own guard that checks `res.locals.user`.
 *
 * @param req  Incoming request; only the `Authorization` header is read.
 * @param res  Response whose `locals.user` receives the verifier's result.
 * @param next Continuation, called exactly once on every path.
 */
const inferUser = async (
  req: Request,
  res: Response,
  next: NextFunction
) => {
  // Only a leading, case-sensitive "Bearer" followed by one whitespace
  // character is stripped. Any other header value (a different scheme, a bare
  // token) is handed to the verifier unchanged.
  const authHeader = get(req, 'headers.authorization', '');
  const bearerToken = authHeader.replace(/^Bearer\s/, '');

  if (bearerToken) {
    // NOTE(review): verification is requested with a key named
    // 'accessTokenPrivateKey'. With asymmetric signing, verification only
    // needs the public key; confirm what verifyJwt resolves this name to and
    // that the accepted algorithm is fixed there rather than taken from the
    // token header.
    // NOTE(review): presumably verifyJwt returns the decoded payload, or a
    // falsy value on failure. If it can throw, nothing here catches it, and
    // the promise returned by this async middleware would reject; confirm.
    const verified = jwt.verifyJwt(bearerToken, 'accessTokenPrivateKey');
    if (verified) {
      // Stored as-is; downstream code sees whatever the verifier returned.
      res.locals.user = verified;
    }
  }

  // NOTE(review): the disabled sketch below does not match the live code.
  // `expired` is not defined in this function, it names 'accessTokenPublicKey'
  // where the live path uses 'accessTokenPrivateKey', and it reads
  // `result.decoded` where the live path stores the verifier's return value
  // directly. It also assigns `res.locals.user` without checking that the
  // re-issued token verified. Reconcile these before enabling it.
  /*
  // refresh token handling is not (yet) implemented
  const refreshToken = get(req, 'headers.x-refresh');

  if (expired && refreshToken) {
    const newAccessToken = await reIssueAccessToken({ refreshToken });

    if (newAccessToken) {
      res.setHeader('x-access-token', newAccessToken);
    }

    const result = verifyJwt(newAccessToken as string, 'accessTokenPublicKey');

    res.locals.user = result.decoded;
    return next();
  }
  */

  return next();
};

export default inferUser;