// This file contains the routes for the the account linking process on the parent side.

let express = require('express');
let router = express.Router();
let passport = require('passport');
let database = require('../config/database.js');

// Consume the pairing code
// Return the student's UPN then delete the pairing code
function consumePairingCode(pairing_code, callback) {
    let sql = 'SELECT upn FROM ps_pairing_codes WHERE pairing_code = ?';
    database.query(sql, pairing_code, function (err, result) {
        if (err) {
            console.log('Error:', err);
            return callback(err, null);
        } else {
            if (result.length === 0) {
                return callback(null, null);
            } else {
                let upn = result[0].upn;
                let sql = 'DELETE FROM ps_pairing_codes WHERE pairing_code = ?';
                database.query(sql, pairing_code, function (err, result) {
                    if (err) {
                        console.log('Error:', err);
                    } else {
                        console.log('Pairing code consumed');
                    }
                });
                return callback(null, upn);
            }
        }
    });
}

router.get('/parent/:parent_upn/add-student', function (req, res) {
    if(!req.isAuthenticated()) {
        return res.status(401).send('Unauthorized');
    }
    let parent_upn = req.params.parent_upn;
    // Is the logged in user a parent with the same UPN as the one in the URL?
    // If not, return a 403 Forbidden response
    if (req.user.username !== parent_upn) {
        return res.status(403).send('Forbidden, UPN mismatch');
    }
    // Consume the pairing code, if it return null, return a 404 Not Found response
    // Don't update the parent's student list yet
    // Note that we won't return the student's details in this route
    // Just a success message
    let pairing_code = req.query.pairing_code;
    // Is the pairing code in the query string?
    if (!pairing_code) {
        return res.status(400).send('Bad Request, pairing_code missing');
    }
    let student_upn = '';
    consumePairingCode(pairing_code, function (err, upn) {
        if (err) {
            return res.status(500).send('Internal Server Error');
        }
        if (upn === null) {
            return res.status(404).send('Invalid pairing code');
        }
        student_upn = upn;
        res.send('Student added');
        // Set the LDAP attribute parent to the parent's UPN in the student's LDAP entry
    });
});

router.get('/parent/:parent_upn', function (req, res) {
    if(!req.isAuthenticated()) {
        return res.status(401).send('Unauthorized');
    }
    let parent_upn = req.params.parent_upn;
    // Is the logged in user a parent with the same UPN as the one in the URL?
    // If not, return a 403 Forbidden response
    if (req.user.username !== parent_upn) {
        return res.status(403).send('Forbidden, UPN mismatch');
    }
    // Return the parent's details in the session in JSON format
    allowedAttributes = ['username', 'first_name', 'last_name'];
    let parent = {};
    allowedAttributes.forEach(function (attribute) {
        parent[attribute] = req.user[attribute];
    });
    res.json(parent);
});

module.exports = router;