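'use strict';

const jwt = require('jsonwebtoken');

// This object is meant only for testing and logging!
// !! Security Alert !!
// decode() below reads the token WITHOUT checking its signature, so every
// claim exposed by the getters is unverified (and therefore untrusted) until
// verify() has succeeded.
// parameter validation is also very important for content within this token!!
// So do not trust the information blind! (especially e.g. uris)

/**
 * Thin wrapper around a compact-serialized JWT that exposes its header and
 * the standard / XSUAA-specific claims via getters.
 *
 * @param {string|undefined} encoded - the compact-serialized token
 * @constructor
 */
function TokenInfo(encoded) {
  let payload = {};
  let header = {};
  let errobj = undefined;
  // Set only after jwt.decode() returned a token. `payload` stays `{}` when
  // decoding fails, and `{}` is truthy, so it cannot be used for this check.
  let decoded = false;

  /**
   * Populate `header`/`payload` from `encoded` without signature verification.
   * On failure a JsonWebTokenError carrying `statuscode` is stored in `errobj`
   * (400 for a missing token, 401 for one jwt.decode() rejects).
   */
  function decode() {
    decoded = false;
    if (!encoded) {
      errobj = new jwt.JsonWebTokenError('jwt undefined');
      errobj.statuscode = 400;
      return;
    }
    const token = jwt.decode(encoded, { complete: true });
    if (!token) {
      errobj = new jwt.JsonWebTokenError('jwt malformed');
      errobj.statuscode = 401;
      return;
    }
    payload = token.payload;
    header = token.header;
    decoded = true;
  }

  /**
   * Convert a NumericDate claim (seconds since the epoch) into a Date.
   *
   * @param {*} seconds - raw claim value
   * @returns {Date|null} null when the claim is absent, falsy or not numeric
   */
  function claimToDate(seconds) {
    if (!seconds) {
      return null;
    }
    const millis = Number(seconds) * 1000;
    // A non-numeric claim would otherwise produce an "Invalid Date" object.
    return Number.isFinite(millis) ? new Date(millis) : null;
  }

  /**
   * Replace the wrapped token and decode it again (unverified).
   *
   * @param {string|undefined} enc - the new compact-serialized token
   */
  this.reset = (enc) => {
    errobj = undefined;
    payload = {};
    header = {};
    encoded = enc;
    decode();
  };

  /** @returns {boolean} whether the token could be decoded (not: verified) */
  this.isDecoded = () => decoded;

  /** @returns {boolean} true while no decode or verify error is recorded */
  this.isValid = () => !errobj;

  /** @returns {Error|undefined} the last decode/verify error, if any */
  this.getErrorObject = () => errobj;

  /** @returns {string|undefined} the raw token string */
  this.getTokenValue = () => encoded;

  /** @returns {object} the decoded JOSE header (`{}` if decoding failed) */
  this.getHeader = () => header;

  // return the complete payload of the token
  this.getPayload = () => payload;

  // Getter for public Claims (see https://tools.ietf.org/html/rfc7519#section-4)
  this.getExpirationDate = () => claimToDate(payload.exp);

  this.getIssuedAt = () => claimToDate(payload.iat);

  /**
   * Issuer, preferring the `ias_iss` claim over `iss`. A string value without
   * an `http` prefix gets `https://` prepended; non-string claim values are
   * returned unchanged instead of throwing on `.indexOf`.
   *
   * @returns {*} the (unverified) issuer claim
   */
  this.getIssuer = () => {
    let issuer = payload.ias_iss ? payload.ias_iss : payload.iss;
    if (issuer && typeof issuer === 'string' && !issuer.startsWith('http')) {
      issuer = `https://${issuer}`;
    }
    return issuer;
  };

  /** @returns {*} `iss` when an `ias_iss` claim is present, else null */
  this.getCustomIssuer = () => (payload.ias_iss ? payload.iss : null);

  this.getSubject = () => payload.sub;

  /** @returns {Array|null} `aud` normalised to an array, null when absent */
  this.getAudiencesArray = () => {
    if (!payload.aud) {
      return null;
    }
    return Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  };

  /** @returns {*} `user_uuid`, falling back to `sub` only for XSUAA tokens */
  this.getUserId = () => {
    if (this.isTokenIssuedByXSUAA()) {
      return payload.user_uuid || payload.sub;
    }
    return payload.user_uuid;
  };

  /** Alias of getAppTID(). */
  this.getZoneId = () => this.getAppTID();

  /** @returns {*} `zid` for XSUAA tokens, else `app_tid` or `zone_uuid` */
  this.getAppTID = () => {
    if (this.isTokenIssuedByXSUAA()) {
      return payload.zid;
    }
    return payload.app_tid ? payload.app_tid : payload.zone_uuid;
  };

  /**
   * Client id: `azp` if present, otherwise the single audience, otherwise
   * `cid`. Returns null when there is no `azp` and not exactly one audience.
   *
   * @returns {*}
   */
  this.getClientId = () => {
    const azp = payload.azp;
    if (azp) {
      return azp;
    }
    const aud = this.getAudiencesArray();
    if (!aud || aud.length !== 1) {
      return null;
    }
    // make sure it's not an empty string
    return aud[0] ? aud[0] : payload.cid;
  };

  this.getAzp = () => payload.azp;

  /** @returns {boolean} true when `ext_attr.enhancer` equals "XSUAA" */
  this.isTokenIssuedByXSUAA = () =>
    payload.ext_attr ? payload.ext_attr.enhancer === 'XSUAA' : false;

  /**
   * Verify the token signature with jsonwebtoken, pinned to RS256 so the
   * algorithm named in the (untrusted) header cannot select a weaker check.
   * The verification outcome replaces `errobj`; a failure gets statuscode 401.
   *
   * @param {*} verificationKeySupplier - forwarded unchanged to jwt.verify()
   * @param {function(Error|null|undefined, TokenInfo)} cb - completion callback
   * @returns {*} whatever jwt.verify() returns
   */
  this.verify = (verificationKeySupplier, cb) => {
    return jwt.verify(
      encoded,
      verificationKeySupplier,
      { algorithms: ['RS256'] }, // XSUAA currently only allow/generate RS256
      (err) => {
        errobj = err;
        if (err) {
          errobj.statuscode = 401;
        }
        return cb(err, this);
      }
    );
  };

  decode();
}

module.exports = TokenInfo;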