const { validation } = require('./validation')
const { compareSync } = require('bcrypt')
const otp = require('../utils/otp')
const response = require('../utils/responseHandler')

module.exports = [
  validation((req) => req.body, { otp: 'string' }),
  (req, res, next) => {
    if (!req.cookies['sidali-otp'] || req.cookies['sidali-otp'] && !compareSync(req.body.otp, req.cookies['sidali-otp']) || !otp.validate({ token: req.body.otp })) {
      return response.error(res, {
        message: 'OTP tidak valid',
        code: 401
      })
    }
    res.clearCookie('sidali-otp')
    return next()
  }
]