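'use strict';

const express = require('express');
//const morgan = require('morgan');
const bodyParser = require('body-parser');
const compress = require('compression');
const responseTime = require('response-time');
const methodOverride = require('method-override');
const cors = require('cors');
const helmet = require('helmet');
const passport = require('passport');
const config = require('../config');
const router = require('./router');
const error = require('../middlewares/error');

/**
 * Browser origins that may call the API cross-origin.
 *
 * NOTE(review): the two loopback development origins are allowed
 * unconditionally, alongside the production admin app. Consider sourcing this
 * list from per-environment configuration so that production only trusts the
 * production origin.
 */
const allowedOrigins = [
  'http://localhost:8080',
  'http://127.0.0.1:8080',
  'https://adminapp2.loquedeverdadimporta.org',
];

/**
 * Options for the `cors` middleware.
 *
 * The `origin` callback accepts requests that carry no Origin header and
 * requests whose Origin is in `allowedOrigins`; any other Origin is passed to
 * the error middlewares as an Error.
 *
 * The Origin header is supplied by the client, and requests without it are let
 * through, so this check only constrains browsers. It is not access control
 * for the API; that is left to the passport setup further down.
 */
const corsOptions = {
  origin(origin, callback) {
    // allow requests with no origin (like mobile apps or curl requests)
    if (!origin) {
      return callback(null, true);
    }

    // NOTE(review): this prints a client-supplied header for every
    // cross-origin request; consider dropping it or routing it through the
    // request logger once one is enabled.
    console.log('origin =>', origin);

    if (!allowedOrigins.includes(origin)) {
      const msg = 'The CORS policy for this site does not allow access from the specified Origin.';
      return callback(new Error(msg), false);
    }

    return callback(null, true);
  },
};

/**
 * Express instance
 * @public
 */
const app = express();

// request logging. dev: console | production: file
//app.use(morgan(logs));

// set up the response-time middleware.
// Registered first so the measured time covers the whole pipeline and the
// header is still present on responses that end early (CORS preflight, errors).
app.use(responseTime());

// secure apps by setting various HTTP headers.
// Registered before the body parsers: when a parser fails, Express skips the
// remaining non-error middleware, so a helmet() placed after them would never
// run and the error response would go out without these headers.
app.use(helmet());

// enable CORS - Cross Origin Resource Sharing.
// Also ahead of the body parsers, so a request from a disallowed Origin is
// refused before up to 5mb of body is read and parsed on its behalf.
app.use(cors(corsOptions));

// NOTE(review): do not restore the block below as written. It pairs a
// wildcard origin with `credentials: true`, a combination browsers refuse for
// credentialed requests, and its option names (exposeHeaders / allowMethods /
// allowHeaders) are not the ones the express `cors` package documents
// (exposedHeaders / methods / allowedHeaders), so those settings would be
// ignored.
/*app.use(cors({
  origin: '*',
  exposeHeaders: [
    "WWW-Authenticate",
    "Server-Authorization",
    "Content-Disposition",
    "Content-Type",
    "Content-Length"
  ],
  maxAge: 31536000,
  credentials: true,
  allowMethods: [
    "GET",
    "POST",
    "PUT",
    "PATCH",
    "DELETE",
    "OPTIONS",
    "HEAD"
  ],
  allowHeaders: [
    "Access-Control-Allow-Origin",
    "Content-Type",
    "X-CSRF-Token",
    "X-Requested-With",
    "Accept",
    "Accept-Version",
    "Content-Length",
    "Content-MD5",
    "Date",
    "X-Api-Version",
    "X-File-Name",
    "Authorization",
    "X-Frame-Options",
    "Origin",
  ],
}));*/

// parse body params and attach them to req.body
app.use(bodyParser.json({ limit: '5mb' }));
app.use(bodyParser.urlencoded({ limit: '5mb', extended: true }));

// gzip compression
app.use(compress());

// lets you use HTTP verbs such as PUT or DELETE
// in places where the client doesn't support it.
// NOTE(review): the effective verb can then differ from the one on the wire,
// so any method-based filtering in front of this app (proxy, WAF) should not
// be relied on for PUT/DELETE protection.
app.use(methodOverride());

// Access validator
app.use(passport.initialize());
require('./passport');

// Set routes
app.use('/api', router());

// if error is not an instanceOf APIError, convert it.
app.use(error.converter);

// catch 404 and forward to error handler
app.use(error.notFound);

// error handler, send stacktrace only during development
app.use(error.handler);

module.exports = app;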