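// Main App
//
// Bootstraps the NDM Express server: environment, body parsing, CSP, view
// engine, cookies/session, CSRF, the application router, and finally the
// 404/error fallbacks once the database schema has been synced.
const express = require('express');
const app = express();
const exphbs = require('express-handlebars');
const { SetupEnvironment } = require('./environ');
const SetupRouter = require('./router');
const bodyParser = require('body-parser');
const sessionMw = require('./session');
const csrf = require('./csrf');
const crypto = require('crypto');

// Setup the environment
SetupEnvironment();

// Database
const database = require('./database');

// Session
const session = require('express-session');
const SequelizeStore = require('connect-session-sequelize')(session.Store);
const cookieParser = require('cookie-parser');

// Error Handling
const { GenericErrorByCode, FormatForAPI } = require('./errors');

// Helpers
const { HBSHelpers } = require('./helpers');

// Security
const helmet = require('helmet');

// Get what we need for starting the server
const serverPort = process.env.SRV_PORT;
const serverInterface = process.env.SRV_IF;

// Database Setup
const db = database.db;
const sessionStore = new SequelizeStore({ db, tableName: 'Session' });

// Body parsing
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());

// Per-request CSP nonce.
// The script-src directive below is built from res.locals.nonce, so the value
// has to exist before the helmet middleware runs and has to be fresh for every
// response; without this middleware nothing in this file sets it and the header
// would carry the constant string "nonce-undefined". Presumably the templates
// read the same value from res.locals to tag inline scripts — verify in views.
app.use((req, res, next) => {
  res.locals.nonce = crypto.randomBytes(16).toString('base64');
  next();
});

// Helmet setup
// Individual directive values may be functions; helmet calls them per response,
// which is what lets the nonce differ per request.
// NOTE(review): the previous code passed a single function as the whole
// `directives` option rather than per-value functions — check the emitted
// Content-Security-Policy header on a live response after this change.
app.use(
  helmet.contentSecurityPolicy({
    directives: {
      defaultSrc: ["'self'"],
      scriptSrc: ["'strict-dynamic'", (req, res) => `'nonce-${res.locals.nonce}'`],
      objectSrc: ["'none'"],
      styleSrc: ["'self'", "'unsafe-inline'"],
      imgSrc: ["'self'", 'data:', '*'],
      mediaSrc: ["'self'", 'data:', '*'],
      connectSrc: ["'self'", 'data:', '*'],
    },
  })
);

// Handlebars Setup
const hbs = exphbs.create({
  helpers: HBSHelpers,
  defaultLayout: 'main',
  extname: '.handlebars',
  runtimeOptions: {
    allowProtoPropertiesByDefault: true,
    allowProtoMethodsByDefault: true,
  },
});
app.engine('handlebars', hbs.engine);
app.set('view engine', 'handlebars');

// Cookie parsing (signed with CKYKEY)
app.use(cookieParser(process.env.CKYKEY));

// Session
app.use(
  session({
    name: 'session',
    secret: process.env.SESSKEY,
    resave: false,
    saveUninitialized: false,
    store: sessionStore,
    cookie: {
      httpOnly: true,
      // 'auto' marks the cookie Secure whenever the request itself arrived over
      // TLS (req.secure) and leaves it plain otherwise, so plain-HTTP local
      // development keeps working. Behind a TLS-terminating proxy req.secure is
      // only true once `app.set('trust proxy', ...)` is configured.
      secure: 'auto',
      sameSite: 'lax',
      path: '/',
    },
  })
);

// Setup Assets
app.use(express.static('assets'));

// Session middleware
app.use(sessionMw.PersistSession);

// CSRF protection
app.use(csrf.csrfSynchronisedProtection);

// Setup Router
SetupRouter(app);

// Sync the schema (including the Session table the store defined on `db`),
// then register the fallbacks and start listening. A failed sync is fatal:
// log it and exit non-zero instead of leaving an unhandled rejection.
db.sync()
  .then(() => {
    // Anything the router did not handle is a 404.
    app.use((req, res, next) => {
      next(GenericErrorByCode(404));
    });

    // Final error handler (Express needs the 4-argument signature even though
    // `next` is unused). 4xx messages are meant for the client; 5xx messages
    // describe internal failures, so they are logged and a generic text is sent.
    app.use((err, req, res, next) => {
      const status = err.status || 500;
      if (status >= 500) {
        console.error(err);
      }
      const message = status >= 500 ? 'Internal Server Error' : err.message || 'Internal Server Error';
      res.status(status);
      res.json(FormatForAPI(message));
    });

    app.listen(serverPort, serverInterface, () => {
      console.log(`NDM running @ ${serverInterface}:${serverPort}`);
    });
  })
  .catch((err) => {
    console.error('Database sync failed, not starting the server', err);
    process.exitCode = 1;
  });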