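import express from "express";
import type { Express, NextFunction, Request, RequestHandler, Response } from "express";
import cors from "cors";
import helmet from "helmet";
import morgan from "morgan";
import rateLimit from "express-rate-limit";
import allowSetup from "../middleware/allowSetup";
import authenticate from "../middleware/authenticate";
import errorHandler from "../middleware/errorHandler";
import publicAvailable from "./public";
import setup from "./setup";
import invite from "./invite";
import reset from "./reset";
import auth from "./auth";
import admin from "./admin/index";
import user from "./user";
import detectPWA from "../middleware/detectPWA";
import webapi from "./webapi";
import authenticateAPI from "../middleware/authenticateAPI";
import server from "./server";
import PermissionHelper from "../helpers/permissionHelper";
import preventWebapiAccess from "../middleware/preventWebApiAccess";

/**
 * Limiter for the unauthenticated, credential-handling routes
 * (setup, reset, invite, auth): at most 10 requests per client within a
 * 15-minute window. Uses express-rate-limit's default key (client IP), so
 * the correctness of the limit depends on the app seeing the real client
 * address (trust proxy settings are configured elsewhere, if at all).
 */
const strictLimiter = rateLimit({
  windowMs: 15 * 60 * 1000,
  max: 10,
  message: "Zu viele Anmeldeversuche innerhalb von 15 Minuten. Bitte warten.",
});

/** Limiter for authenticated traffic: at most 500 requests per client per minute. */
const generalLimiter = rateLimit({
  windowMs: 60 * 1000,
  max: 500,
  message: "Zu viele Anfragen innerhalb von 1 Minute. Bitte warten.",
});

/**
 * Wraps `middleware` so that it is skipped for requests whose `req.path`
 * exactly equals one of `excludedPaths`; every other request goes through it.
 *
 * @param middleware - the handler to apply conditionally
 * @param excludedPaths - paths that bypass `middleware` (exact match on `req.path`)
 * @returns a request handler with the same signature as `middleware`
 */
function excludePaths(
  middleware: RequestHandler,
  excludedPaths: readonly string[]
): RequestHandler {
  return (req: Request, res: Response, next: NextFunction) => {
    // Exact match only: a prefix or suffix match would widen the bypass of
    // whatever protection `middleware` provides (here: rate limiting).
    // NOTE(review): this wrapper is mounted with app.use() and no mount path,
    // so req.path is the full request path, not a suffix — confirm that the
    // configured exclusions are spelled as full paths.
    if (excludedPaths.includes(req.path)) {
      return next();
    }
    return middleware(req, res, next);
  };
}

/**
 * Installs global middleware and mounts all route groups on `app`.
 *
 * Mounting order is significant:
 *  - hardening/parsing middleware first (cors, helmet, logging, body parsers);
 *  - unauthenticated credential routes sit behind `strictLimiter` and
 *    `preventWebapiAccess`;
 *  - `/api/webapi` authenticates with `authenticateAPI` instead of the
 *    session `authenticate`;
 *  - everything mounted after `app.use(authenticate)` requires an
 *    authenticated request; the general limiter is applied only to those.
 *  - `errorHandler` is last so it catches errors from every route above.
 *
 * @param app - the Express application to configure
 */
export default (app: Express) => {
  app.set("query parser", "extended");

  // NOTE(review): cors() without options allows any origin; restrict it to
  // the expected frontend origin(s) if the API is not meant to be reachable
  // cross-origin from arbitrary sites.
  app.use(cors());
  app.options("*", cors());
  app.use(helmet());
  app.use(morgan("short"));
  app.use(express.json());
  app.use(
    express.urlencoded({
      extended: true,
    })
  );
  app.use(detectPWA);

  // Routes reachable without a session. The credential-handling ones are
  // rate limited tightly and blocked for web-API clients.
  app.use("/api/public", publicAvailable);
  app.use("/api/setup", strictLimiter, preventWebapiAccess, allowSetup, setup);
  app.use("/api/reset", strictLimiter, preventWebapiAccess, reset);
  app.use("/api/invite", strictLimiter, preventWebapiAccess, invite);
  app.use("/api/auth", strictLimiter, preventWebapiAccess, auth);
  app.use("/api/webapi", authenticateAPI, webapi);

  // From here on every request must be authenticated. Because the general
  // limiter is mounted after `authenticate`, unauthenticated requests to the
  // routes below are rejected by `authenticate` without counting against it.
  // NOTE(review): move the limiter ahead of `authenticate` if unauthenticated
  // probing of these routes should be throttled as well.
  app.use(authenticate);
  app.use(excludePaths(generalLimiter, ["/synchronize"]));
  app.use("/api/admin", admin);
  app.use("/api/user", preventWebapiAccess, user);
  app.use(
    "/api/server",
    preventWebapiAccess,
    PermissionHelper.isAdminMiddleware(),
    server
  );

  // Must be registered last so it sees errors forwarded via next(err).
  app.use(errorHandler);
};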