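const express = require("express")
const router = express.Router()
const { YggdrasilError, DefaultError } = require("../../errors/errors")
const rateLimit = require("express-rate-limit")
const authService = require("../../services/authService")
const logger = require("../../modules/logger")

// Throttle for the login endpoint: at most 20 requests per 15-minute window.
// express-rate-limit keys on the client IP (req.ip) unless a keyGenerator is
// supplied, so:
//   - NOTE(review): behind a reverse proxy the app needs a correct
//     `trust proxy` setting, otherwise every client shares the proxy's bucket
//     (or X-Forwarded-For is trusted too broadly). That setting is not
//     visible in this file; confirm where the app is created.
//   - A per-IP window does not bound guesses against one account spread over
//     many addresses; per-account throttling, if any, would have to live in
//     authService (not visible here).
const limiter = rateLimit({
    windowMs: 15 * 60 * 1000,
    max: 20,
    standardHeaders: true,
    legacyHeaders: false,
    // Answer in the same { error, errorMessage } JSON shape as other failures
    // instead of the library's default plain-text body.
    handler: (req, res) => {
        return res.status(429).json({
            error: "TooManyRequestsException",
            errorMessage: "Too many login attempts, please try again later."
        })
    }
})

// Characters that could forge or split a log record when an
// attacker-controlled value is written to a line-oriented log.
const LOG_UNSAFE_CHARS = /[\u0000-\u001f\u007f\u2028\u2029]/g

/**
 * POST / - authenticate a user with username and password.
 *
 * Reads `username`, `password`, `clientToken` and `requestUser` from the JSON
 * body, delegates to authService.authenticate and returns `result.response`
 * with status 200. Failures are handed to the Express error pipeline through
 * next(): a DefaultError is first wrapped in a YggdrasilError, anything else
 * is forwarded unchanged.
 *
 * NOTE(review): the body fields are not type-checked here. A JSON body can
 * carry objects or arrays where strings are expected, so authService must
 * reject non-string identifiers and passwords before they reach a data store
 * query. Confirm against authService.
 */
router.post("/", limiter, async (req, res, next) => {
    try {
        // Destructured inside the try so that a missing body (no parser, empty
        // request) is reported through next() instead of escaping the handler.
        const { username, password, clientToken, requestUser } = req.body

        const result = await authService.authenticate({
            identifier: username,
            password,
            clientToken,
            requireUser: requestUser || false
        })

        // username is request data: strip control characters and line
        // separators before logging so it cannot inject extra log lines.
        const safeUsername = String(username).replace(LOG_UNSAFE_CHARS, "")
        logger.log(`User authenticated: ${safeUsername}`, ["AUTH", "green"])

        return res.status(200).json(result.response)
    } catch (err) {
        // Forward with next() rather than throwing: Express 4 does not catch
        // rejections from async handlers, which would leave the request
        // hanging as an unhandled rejection. next(err) behaves the same on
        // Express 5.
        if (err instanceof DefaultError) {
            // NOTE(review): err.message is passed through to the client error.
            // If authService uses different messages for "unknown user" and
            // "wrong password", this lets a caller enumerate accounts; confirm
            // that the messages are uniform.
            return next(new YggdrasilError(
                err.code,
                err.error || "ForbiddenOperationException",
                err.message,
                "Invalid credentials"
            ))
        }
        return next(err)
    }
})

module.exports = router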