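var express = require("express");
var passport = require("passport"),
    passportLocal = require("passport-local");
var fs = require("fs");
var path = require("path");
var proxy = require("./util/simple-http-proxy");
var _ = require("underscore");

/**
 * Fail fast when a required setting is missing or invalid.
 *
 * @param {string} name - Key to look up in `settings`.
 * @param {Object} settings - Settings object handed to `exports.App`.
 * @param {Function} [validate] - Optional predicate; a falsy result for
 *     `settings[name]` is treated as an invalid value.
 * @throws {Error} When the setting is undefined or rejected by `validate`.
 */
function assertSetting(name, settings, validate) {
    if ( typeof settings[name] === 'undefined' ) {
        throw new Error("Required setting '"+name+"' undefined.");
    }
    if ( _.isFunction(validate) && !validate(settings[name]) ) {
        throw new Error("Setting '"+name+"' with value '"+settings[name]+"' is invalid.");
    }
}

/**
 * Build the Express application: passport local login, session handling,
 * static client files, a small JSON API and an authenticated proxy to CouchDB.
 *
 * @param {Object} settings - Must contain a string `couchDbURL`.
 * @returns {Object} The configured Express app.
 * @throws {Error} When `couchDbURL` is missing or not a string.
 */
exports.App = function(settings) {

    assertSetting("couchDbURL", settings, _.isString);

    /** Resolve a path relative to the client directory to an absolute path. */
    function clientPath(relativePath) {
        return path.resolve(__dirname+'/../client/'+relativePath);
    }

    // Absolute client directory; everything served from disk must stay below it.
    var clientRoot = clientPath('');

    /** True when `absolutePath` is the client directory or lies inside it. */
    function isInsideClientRoot(absolutePath) {
        return absolutePath === clientRoot ||
               absolutePath.indexOf(clientRoot + path.sep) === 0;
    }

    // FIXME(security): the only account is a username/password pair hard-coded
    // in source. Anyone with read access to the code can log in; move the
    // credential check to a real user store with hashed passwords.
    passport.use(new passportLocal.Strategy(function(username, password, done){
        if ( username === "igor" && password === "mayer" ) {
            done(null,{ username: "igor" });
        } else {
            done(null,false,{ message: 'Invalid credentials.' });
        }
    }));

    // Only the username is stored in the session; the user object is rebuilt
    // from that id on each request.
    passport.serializeUser(function(user, done) {
        done(null, user.username);
    });
    passport.deserializeUser(function(id, done) {
        done(null, {username: id});
    });

    var app = express();
    app.use(express.logger());
    app.use(express.compress());
    app.use(express.favicon());

    app.use(express.cookieParser());
    app.use(express.bodyParser());
    // FIXME(security): the session signing secret is a constant committed to
    // source, so session cookies can be forged by anyone who has read it.
    // Load it from deployment configuration instead.
    app.use(express.session({ secret: "quasi experimental design" }));

    // initialize passport
    app.use(passport.initialize());
    app.use(passport.session());

    // static resources
    app.get('/', function(request, response){
        response.sendfile(clientPath('index.html'));
    });
    app.get('/*.html', function(request, response) {
        // request.path is attacker-controlled and path.resolve() collapses
        // ".." segments, so verify the result is still inside the client
        // directory before handing an absolute path to sendfile().
        var resolved = clientPath(request.path);
        if ( !isInsideClientRoot(resolved) ) {
            return response.send(403);
        }
        response.sendfile(resolved);
    });
    _.each(['/dojo', '/dijit', '/dojox', '/qed', '/qed-client'], function(dir){
        app.use(dir, express.static(clientPath(dir)));
    });

    // url to login (might work on others as well?)
    // you should then have a session to work with
    // should return a user info object
    function returnUser(req,res) {
        res.send(200, req.user);
    }
    app.post(
        '/api/login',
        passport.authenticate('local'),
        returnUser);

    // ensure we're authenticated on API calls
    function ensureAuthenticated(req,res,next){
        if (!req.user) {
            return res.send(401,{error:"Login before accessing API."});
        } else {
            return next();
        }
    }

    // NOTE(review): no CSRF protection is visible on the cookie-authenticated
    // POST routes or on the /api/data proxy below - confirm it is handled
    // elsewhere.
    app.get(
        '/api/login',
        ensureAuthenticated,
        returnUser);
    app.post(
        '/api/logout',
        ensureAuthenticated,
        function(req,res){
            req.logout();
            res.send(200,{});
        });

    app.get(
        '/api/surveyRuns/:id/responses.csv',
        ensureAuthenticated,
        function(req, res) {
            var id = req.params.id;
            // The id comes from the URL and ends up in a response header.
            // Restrict it to filename-safe characters so it cannot inject
            // extra header parameters or line breaks.
            var safeId = String(id).replace(/[^A-Za-z0-9_.-]/g, '_');
            // query CouchDB and build the CSV file
            res.set({
                'Content-Type': 'text/csv',
                'Content-Disposition': 'attachment; filename=surveyRun-'+safeId+'-responses.csv'
            });
            res.send(200, "Response for surveyRun "+id);
        });

    // forward to couch; unauthenticated requests are answered with 401 before
    // they reach the proxy
    app.use('/api/data', ensureAuthenticated);
    app.use('/api/data', proxy(settings.couchDbURL));

    return app;

};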