"use strict";

require("dotenv").config();

const cors       = require("cors");
const express    = require("express");
const helmet     = require("helmet");
const http       = require("http");
const jwksClient = require("jwks-rsa");
const jwt        = require("jsonwebtoken");

const { ApolloServer, AuthenticationError, gql } = require("apollo-server-express");
const { ApolloServerPluginDrainHttpServer }      = require("apollo-server-core");

const corsOrigins = process.env.APP_CORS_ORIGINS.split(",");

const app = express();
app.enable("trust proxy");
app.use(cors({ origin: corsOrigins }));
if (app.get("env") === "production") {
  app.use(helmet());
  app.use(helmet.contentSecurityPolicy());
}

const httpServer = http.createServer(app);

const typeDefs = gql`
  type Hello {
    message: String
  }

  type Query {
    hello: Hello
  }
`;

const resolvers = {
  Query: {
    hello: _ => ({ message: "Hello World!" })
  }
};

let client = jwksClient({ jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json` });

const authentication = async context => {
  const token = context.req.headers.authorization || "";
  if (!token) throw new AuthenticationError("Authentication required");

  const keys = await client.getSigningKeys();

  const user = await jwt.verify(token, keys[0].getPublicKey(), { algorithms: [ "RS256" ] });
  if (!user.email) throw new AuthenticationError("Wrong token presented");

  return { user };
}

const apollo = new ApolloServer({
  typeDefs,
  resolvers,
  plugin: [ApolloServerPluginDrainHttpServer({ httpServer })],
  context: authentication
});
apollo.start().then(_ => {
  apollo.applyMiddleware({ app });

  app.all("*", (request, response) => response.send(""));

  httpServer.listen(process.env.APP_PORT);

  let apolloData = httpServer.address();
  console.log(`GraphQL service listening on ${apolloData.address}:${apolloData.port}${apollo.graphqlPath}`);
}).catch(error => console.log(error.message));