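module Api
  # Base controller for the JSON API.
  #
  # Every action except sign_in / sign_out must send
  #   Authorization: Bearer <token>
  # Callbacks run in declaration order, so the cheap header checks run first
  # and halt the chain (by rendering 400) before `authenticate` ever touches
  # the header. The original order ran `authenticate` *before* the presence
  # check, so a missing header crashed on `nil.split` (500) instead of 400.
  #
  # `sign_out` receives the token to revoke in params instead; it is validated
  # by `check_token_revoke_format`.
  #
  # `render_access_denied` and `token_in_params` are not defined in this file;
  # they are expected from a concern or subclass.
  class BaseController < ActionController::Base
    # Exactly one "Bearer <token>" value and nothing else.
    # Anchored with \A / \z on purpose: ^ / $ are per-line in Ruby and would
    # accept a value with a trailing newline followed by a second "line".
    # (The previous /Bearer [.]*/ only matched a literal run of dots.)
    BEARER_FORMAT = /\ABearer\s+(?<token>\S+)\z/.freeze

    before_action :check_token_presence, except: %i[sign_in sign_out]
    before_action :check_token_format, except: %i[sign_in sign_out]
    before_action :authenticate, except: %i[sign_in sign_out]
    before_action :check_token_revoke_format, only: [:sign_out]
    # `init_user` is deliberately NOT registered — see its comment below.

    attr_reader :current_user

    protected

    # --- Header / parameter checks ----------------------------------------

    # Rejects body-carrying requests (POST / PATCH) that have no Content-Type.
    # Not registered as a callback here; subclasses opt in.
    def check_content_type_presence
      return unless request.post? || request.patch?
      return if request.content_type.present?

      render_error(title: 'Content Type',
                   detail: 'The content type is not present',
                   source: 'Header content type')
    end

    # 400 when the Authorization header is absent or is not a single
    # "Bearer <token>" value. The original joined its three conditions with
    # `&&`, so a present-but-malformed header was never rejected.
    def check_token_presence
      return if bearer_header?(raw_authorization)

      render_error(title: 'Http Authorization',
                   detail: 'The http authorization is not present or the format is not valid, please check your header or the expected format',
                   source: 'Header AUTHORIZATION')
    end

    # 400 unless a token can be extracted from the header. Kept as a separate
    # step for compatibility with subclasses that reference it by name.
    def check_token_format
      return if bearer_token(raw_authorization).present?

      render_error(title: 'Authorization Format Token',
                   detail: 'The format token is not valid, please check it',
                   source: 'data/attributes/authorization')
    end

    # 400 when no Authorization header was sent at all.
    def check_authorization_presence
      return if raw_authorization.present?

      render_error(title: 'Authorization Header',
                   detail: 'The Authorization header is not present',
                   source: 'data/headers')
    end

    # sign_out: the token to revoke travels in params (via `token_in_params`,
    # provided elsewhere) and must have the same "Bearer <token>" shape.
    # Same `&&`-instead-of-`||` defect as check_token_presence, fixed here.
    def check_token_revoke_format
      return if bearer_header?(token_in_params)

      render_error(title: 'Token presence or format',
                   detail: 'The token is not present or the format is not valid, please check your params or the expected format',
                   source: 'Token Params')
    end

    # --- Authentication ----------------------------------------------------

    # Verifies the bearer JWT, checks its expiry, finds the Authorization row
    # it was issued against and sets @current_user.
    # Every failure ends in 401/403 via render_access_denied or the JSON body
    # below — never an exception that would surface as a 500.
    def authenticate
      token = bearer_token(raw_authorization)
      return render_access_denied if token.blank?

      decoded = JsonWebToken.decode(token)
      return render_access_denied if decoded.blank?
      # The original computed Time.at(exp) and then ignored it. Enforce it
      # here; if JsonWebToken.decode already checks exp this is redundant
      # but harmless. A token without exp is treated as invalid.
      return render_access_denied if token_expired?(decoded)

      auth = find_authorization(decoded)
      # `operative` is the revocation flag on the Authorization row.
      user = User.find_by(id: decoded[:user_id]) if auth&.operative
      if user.nil?
        # User.find would raise RecordNotFound (404) for a deleted user; a
        # missing user is an authorization failure, so keep it a 401.
        render json: { errors: [{ message: 'No estás autorizado a entrar', code: 401 }] },
               status: :unauthorized
      else
        @current_user = user
      end
    end

    # --- Authorization helpers ---------------------------------------------

    # Plants visible to the current user, by role:
    #   auditor / supervisor -> only their own plant (wrapped in an array)
    #   corporative          -> every plant
    #   anything else        -> nil
    def get_plants
      case @current_user.rol_5s
      when User::USER_ROLES[:auditor], User::USER_ROLES[:supervisor]
        [PlantService.get_plant(@current_user)['object']]
      when User::USER_ROLES[:corporative]
        PlantService.get_plants['object']
      end
    end

    # Plant the request is scoped to. Auditors / supervisors are pinned to
    # their own plant_id; corporative users choose it via params[:id].
    # NOTE(security): for corporative users this is raw client input — callers
    # must still check it against get_plants before trusting it.
    # Debug output goes to the logger at debug level instead of `puts`, so
    # user identity is not written to stdout in production.
    def current_plant_id
      logger.debug { "current_plant_id: user=#{@current_user.userccu} rol=#{@current_user.rol_5s}" }

      case @current_user.rol_5s
      when User::USER_ROLES[:auditor], User::USER_ROLES[:supervisor]
        @current_user.plant_id
      when User::USER_ROLES[:corporative]
        params[:id]
      end
    end

    # DEBUG ONLY — impersonation hook ("Acordarse de borrar": remember to
    # delete). It sets @current_user straight from a request parameter with no
    # credential check, i.e. a complete authentication bypass if it is ever
    # registered as a before_action. It is intentionally not registered above,
    # and it now refuses to run outside development / test so a stray
    # registration cannot bypass auth in production.
    def init_user
      return unless Rails.env.development? || Rails.env.test?

      if params[:user_id]
        @current_user = User.find_by(instance_id: params[:user_id])
      elsif params[:id] && controller_name == 'users'
        @current_user = User.find_by(instance_id: params[:id])
      end
    end

    private

    # Raw Authorization header value (may be nil).
    def raw_authorization
      request.env['HTTP_AUTHORIZATION']
    end

    # True when `value` is a String of the form "Bearer <token>".
    def bearer_header?(value)
      value.is_a?(String) && BEARER_FORMAT.match?(value)
    end

    # The <token> part of a "Bearer <token>" value, or nil when it does not
    # match (including nil / non-String input — no more `nil.split`).
    def bearer_token(value)
      return nil unless value.is_a?(String)

      match = BEARER_FORMAT.match(value)
      match && match[:token]
    end

    # True when the decoded token carries no usable `exp` claim or its
    # expiry (epoch seconds) is not in the future.
    def token_expired?(decoded)
      exp = decoded[:exp]
      return true unless exp.is_a?(Numeric)

      Time.at(exp) <= Time.now
    end

    # Authorization row the token was issued for. The token's `birthday_date`
    # claim is the issue time; the row stores it as `active_time_stamp`
    # (epoch seconds). Returns nil when the claim is missing/unparsable or
    # when user_id is blank — a blank user_id must not match rows with a
    # NULL user_id.
    def find_authorization(decoded)
      return nil if decoded[:user_id].blank?

      issued_at = Time.parse(decoded[:birthday_date].to_s)
      Authorization.find_by(user_id: decoded[:user_id], active_time_stamp: issued_at.to_i)
    rescue ArgumentError, TypeError
      nil
    end

    # Uniform JSON:API-style error body used by all the 400 checks above.
    def render_error(title:, detail:, source:, status: :bad_request)
      render json: { errors: [{ title: title, detail: detail, source: source }] },
             status: status
    end
  end
end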