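import DOMPurify from 'isomorphic-dompurify'
import TokenHelper from './../helper/token.js'
import logger from './../helper/logger.js'

/**
 * handle token
 *
 * Reads the bearer token from the `Authorization` header and compares it
 * with the hash stored on the current flow. On any failure the request is
 * answered with an empty 403 response; on success nothing is sent and
 * control passes on to the next handler.
 *
 * @author Björn Hase
 * @license https://www.gnu.org/licenses/gpl-3.0.en.html GPL-3
 * @link https://git.node001.net/HerrHase/signpost.git
 *
 * @param {object} request - incoming request; only `headers.authorization` is read
 * @param {object} response - outgoing response; `locals.flow.uuid` and
 *   `locals.flow.hash` are read (presumably set by an earlier hook — confirm)
 * @returns {Promise<object|undefined>} the 403 response when the token is
 *   missing or does not match, otherwise `undefined`
 */
async function tokenHandler(request, response) {
    if (!request.headers.authorization) {
        return response
            .code(403)
            .send()
    }

    // the header value is untrusted; sanitizing first and then matching a
    // strict character class keeps anything unexpected out of the logs
    const match = DOMPurify
        .sanitize(request.headers.authorization)
        .match(/^Bearer ([A-Za-z0-9._~+/-]+=*)$/)

    // check if token exists — String.prototype.match yields null when the
    // header is not a well-formed bearer token, so guard before indexing
    // (the previous `token[1]` access threw a TypeError on that path)
    const token = match?.[1]
    if (!token) {
        logger(response.locals.flow.uuid).error('token not found in header')

        return response
            .code(403)
            .send()
    }

    // check if token is same as for the flow
    // (TokenHelper.equal is assumed to be a constant-time comparison — confirm)
    if (!TokenHelper.equal(token, response.locals.flow.hash)) {
        logger(response.locals.flow.uuid).error('token not equal with hash from flow')

        return response
            .code(403)
            .send()
    }
}

export default tokenHandler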