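/**
 * Express application setup: request logging, body parsing, CORS, cookie
 * parsing, static files, the route tree, and the 404 / error handlers.
 * The configured app is exported; nothing in this file starts a listener.
 */
const express = require('express')
const path = require('path')
const cookieParser = require('cookie-parser')
const logger = require('morgan')
const cors = require('cors')
const csrf = require('./middleware/csrf')
const response = require('./utils/responseHandler')

const app = express()

// ./config/db exports a function; it is invoked once when this module loads.
require('./config/db')()

app.use(logger('dev'))
app.use(express.json())

// NOTE(review): `origin: true` makes the cors package echo the request's
// Origin header back, and `credentials: true` allows cookies on those
// requests, so every origin is effectively trusted for credentialed calls.
// With the CSRF middleware below disabled, nothing in this file limits
// cross-site requests that carry the user's cookies. Replace `true` with an
// explicit allowlist of the front-end origins.
app.use(cors({ origin: true, credentials: true }))

app.use(express.urlencoded({ extended: false }))

// The cookie-signing secret is read from the SRU51 environment variable.
// NOTE(review): if it is unset, cookie-parser runs without a secret and does
// not process signed cookies; consider failing fast at startup instead.
app.use(cookieParser(process.env.SRU51))

// CSRF protection is currently disabled; the original call is kept below.
// app.use(csrf( ['GET', 'HEAD', 'OPTIONS'], ['/v1/auth/login', /\/v1\/auto\//i, /v2/i]))
// NOTE(review): presumably the first list holds exempt methods and the second
// exempt paths - confirm against ./middleware/csrf. If so, the unanchored
// /v2/i exempts any URL that merely contains "v2"; anchor it (for example
// /^\/v2\//i) before re-enabling.

app.use(express.static(path.join(__dirname, 'public')))

// Give every request an empty `data` object before the routes run
// (presumably filled in by later middleware - confirm in ./routes).
app.use((req, res, next) => {
  req.data = {}
  return next()
})

// routes
app.use('/', require('./routes'))

// Anything the routes did not answer is reported as a 404.
app.use((req, res) =>
  response.error(res, { code: 404, message: 'request not found' })
)

// True only for integers in the HTTP error range. Node system errors and
// database drivers also set `err.code` (for example 'ENOENT'), and those
// values must not be used as a response status.
const isHttpErrorStatus = (value) =>
  Number.isInteger(value) && value >= 400 && value <= 599

// Central error handler. Express recognises it by its four-argument signature.
app.use((err, req, res, next) => {
  // A response that has already started cannot be replaced; hand the error
  // to Express's default handler, which closes the connection.
  if (res.headersSent) {
    return next(err)
  }

  if (err.code === 'EBADCSRFTOKEN') {
    return response.error(res, { code: 403, message: 'invalid csrf token' })
  }

  // Prefer `err.code` as before, then the `status` / `statusCode` fields set
  // by body-parser and http-errors (a malformed JSON body is a 400, not a
  // 500). Anything that is not a valid HTTP error status becomes 500.
  const status =
    [err.code, err.status, err.statusCode].find(isHttpErrorStatus) || 500

  if (status >= 500) {
    // Keep the detail in the server log only: messages of unexpected errors
    // can expose file paths, queries or other internals to the client.
    console.error(err)
    return response.error(res, { code: status, message: 'internal server error' })
  }

  return response.error(res, { code: status, message: err.message })
})

module.exports = app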