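import { Express, Request } from "express";
import bcrypt from "bcrypt";
import { render } from "./util.js";
import { NodePgDatabase } from "drizzle-orm/node-postgres";
import { profiles, users } from "../db/schema.js";
import { eq } from "drizzle-orm";

/** Username length bounds (the error messages below quote these numbers). */
const NAME_MIN = 3;
const NAME_MAX = 26;
// Anchored and quantified so EVERY character must be allowed. The previous
// pattern (/[A-Z0-9_-]/i) only required one matching character anywhere, so
// "a b<script>" passed. Periods are included because the message promises them.
const NAME_PATTERN = /^[A-Z0-9_.-]+$/i;
// Deliberately loose: one "@" with non-blank text on both sides. Deliverability
// can only be proven by sending mail; this just rejects obvious garbage.
const EMAIL_PATTERN = /^[^\s@]+@[^\s@]+$/;
const EMAIL_MAX = 254;
const BCRYPT_ROUNDS = 10;

/** The validated, correctly-typed fields of a registration form. */
type RegistrationInput = { name: string; email: string; pass: string };

/** Outcome of {@link validateRegistration}: either usable input or a flash message. */
type Validation =
  | { ok: true; value: RegistrationInput }
  | { ok: false; error: string };

/**
 * Checks the raw request body of POST /register.
 *
 * Every field is type-checked before it is read, so a missing body, a missing
 * field, or a non-string value (e.g. `name[]=x` parsed as an array) yields a
 * flash message instead of a thrown TypeError.
 *
 * @param body - `req.body`, which may be undefined when no body parser ran.
 * @returns the validated fields, or the error text to flash to the user.
 */
function validateRegistration(
  body: Record<string, unknown> | null | undefined
): Validation {
  const { name, email, pass } = body ?? {};
  if (typeof name !== "string") {
    return { ok: false, error: "Username not provided" };
  }
  if (name.length < NAME_MIN) {
    return { ok: false, error: "Username can't be shorter than 3 characters" };
  }
  if (name.length > NAME_MAX) {
    return { ok: false, error: "Username can't be longer than 26 characters" };
  }
  if (!NAME_PATTERN.test(name)) {
    return {
      ok: false,
      error:
        "Username can only contain letters, numbers, underscores, hyphens, and periods!!",
    };
  }
  if (typeof email !== "string" || typeof pass !== "string" || !email || !pass) {
    return { ok: false, error: "Email or password not provided" };
  }
  if (email.length > EMAIL_MAX || !EMAIL_PATTERN.test(email)) {
    return { ok: false, error: "That doesn't look like an email address" };
  }
  // NOTE: no minimum password length is enforced here (it never was); also,
  // bcrypt only considers the first 72 bytes of the password.
  return { ok: true, value: { name, email, pass } };
}

/**
 * Replaces the current session id before marking the session authenticated
 * (express-session's `regenerate`, promisified). Without this, a session id
 * planted in the browser before login stays valid after login (fixation).
 */
function regenerateSession(req: Request): Promise<void> {
  return new Promise((resolve, reject) => {
    req.session.regenerate((err) => (err ? reject(err) : resolve()));
  });
}

/**
 * Mounts the registration, login and logout routes.
 *
 * All async handlers forward thrown errors to `next`, because Express does
 * not catch a rejected handler promise on its own (the request would hang).
 *
 * @param app - the Express application to mount routes on.
 * @param db - drizzle database handle used for the `users`/`profiles` tables.
 */
export default function (app: Express, db: NodePgDatabase) {
  app.get("/register", (req, res) => {
    if (req.session["loggedIn"]) {
      res.redirect("/");
      return;
    }
    render(db, "register", "Sign up", res, req);
  });

  app.post("/register", async (req, res, next) => {
    if (req.session["loggedIn"]) {
      res.redirect("/");
      return;
    }
    const checked = validateRegistration(req.body);
    if (!checked.ok) {
      req.flash("error", checked.error);
      res.redirect("/register");
      return;
    }
    const { name, email, pass } = checked.value;

    try {
      const sameName = await db.select().from(users).where(eq(users.name, name));
      if (sameName.length > 0) {
        req.flash("error", "That username is taken MORON");
        res.redirect("/register");
        return;
      }
      const sameEmail = await db
        .select()
        .from(users)
        .where(eq(users.email, email));
      if (sameEmail.length > 0) {
        req.flash("error", "A user with that email already exists");
        res.redirect("/register");
        return;
      }

      const hash = await bcrypt.hash(pass, BCRYPT_ROUNDS);
      // NOTE(review): the two existence checks above race with this insert
      // (two concurrent registrations can both pass them). Only a UNIQUE
      // constraint on users.name / users.email closes that — confirm the
      // schema declares one; this file cannot tell.
      const inserted = (
        await db
          .insert(users)
          .values({ name, email, pass: hash, registered: new Date() })
          .returning({ uid: users.id })
      )[0];
      if (!inserted) {
        throw new Error("users insert returned no row");
      }
      const { uid } = inserted;
      await db.insert(profiles).values({ user: uid });

      // New session id first, then the authenticated state and the flash go
      // into the fresh session.
      await regenerateSession(req);
      req.session["loggedIn"] = true;
      req.session["user"] = name;
      req.session["uid"] = uid;
      req.flash(
        "success",
        "Welcome to mipilin. After two weeks in development, hopefully it will have been worth the wait. Please let me know what you think after you have had a chance to use the website. I can be reached at gaben@roxwize.xyz, and my favorite mood is hormonal. Thanks, and have fun!"
      );
      res.redirect("/");
    } catch (err: unknown) {
      next(err);
    }
  });

  app.get("/login", (req, res) => {
    if (req.session["loggedIn"]) {
      res.redirect("/");
      return;
    }
    render(db, "login", "Log in", res, req);
  });

  app.post("/login", async (req, res, next) => {
    if (req.session["loggedIn"]) {
      res.redirect("/");
      return;
    }
    // One message for every failure mode so the response text does not say
    // whether the username exists.
    const rejectLogin = () => {
      req.flash("error", "The username or password is invalid! I'm sorry! :(");
      res.redirect("/login");
    };
    const { name, pass } = req.body ?? {};
    if (typeof name !== "string" || typeof pass !== "string") {
      rejectLogin();
      return;
    }

    try {
      const user = (
        await db.select().from(users).where(eq(users.name, name))
      )[0];
      // NOTE: an unknown username skips bcrypt.compare and so answers faster.
      // /register already reports whether a name is taken, so that timing
      // difference is not the weakest link here.
      if (!user || !(await bcrypt.compare(pass, user.pass))) {
        rejectLogin();
        return;
      }
      await regenerateSession(req);
      req.session["loggedIn"] = true;
      req.session["user"] = user.name;
      req.session["uid"] = user.id;
      req.flash("success", "You're logged in! Welcome back!!");
      res.redirect("/dashboard");
    } catch (err: unknown) {
      next(err);
    }
  });

  // Kept as GET so existing links work; a plain link can be triggered
  // cross-site, so a POST guarded by a CSRF token would be the stronger form.
  app.get("/logout", (req, res) => {
    req.session["loggedIn"] = false;
    delete req.session["user"];
    // Previously left behind: a logged-out session still carried the uid.
    delete req.session["uid"];
    req.flash("info", "Good bye!");
    res.redirect("/");
  });
}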