'use strict'

// Route definition for POST /removesession: asks userService to drop a session
// from the active-session store when a user logs out.

const { plugin } = require('@hapi/inert')
const Joi = require('joi')

// Shared metadata: the handler tag echoed in every response body, plus the
// description/notes that are spread into the route options below.
// NOTE(review): the docs live under a `get` key although the route is a POST.
const pluginConfig = {
  handlerType: 'jwt',
  docs: {
    get: {
      description: 'removes sessionToken from activeSessions upon logout',
      notes: 'on logout, activeSessions no longer holds onto user credentials',
    },
  },
}

/**
 * Removes the session identified by the request payload.
 *
 * The whole payload is handed to userService.removeSession as-is. A failure
 * is not turned into an error status here: it is reported inside a normally
 * returned body with `ok: false`.
 *
 * @param {object} request - hapi request; `request.payload` carries the hashed access token.
 * @param {object} h - hapi response toolkit (not used).
 * @returns {Promise<{ok: boolean, handler: string, data: object}>} result envelope.
 */
async function removeSessionHandler(request, h) {
  // NOTE(review): no payload schema is configured on this route, so the type
  // and shape of this value are whatever the client sent. Confirm that
  // removeSession rejects anything that is not the expected token format.
  const sessionTokenHash = request.payload
  const { userService } = request.server.services()
  const handler = pluginConfig.handlerType

  try {
    await userService.removeSession(sessionTokenHash)
  } catch (error) {
    // NOTE(review): the raw error message goes back to the caller. If
    // removeSession can surface storage or driver errors, internal detail
    // ends up in the response; consider logging it server-side instead.
    return {
      ok: false,
      handler,
      data: { error: error.message },
    }
  }

  return {
    ok: true,
    handler,
    data: {
      sessionTokenIsRemoved: true,
    },
  }
}

module.exports = {
  method: 'POST',
  path: '/removesession',
  options: {
    ...pluginConfig.docs.get,
    tags: ['api'],
    // NOTE(review): authentication is disabled, so the payload value is the
    // only thing that identifies the session being removed. Confirm this is
    // intended and that the hashed token is not obtainable by other parties.
    auth: false,
    cors: {
      headers: ['Authorization', 'Content-Type'],
      exposedHeaders: ['Authorization', 'Access-Control-Expose-Headers'],
    },
    handler: removeSessionHandler,
    // Only a failAction is set here; there is no payload/params/query schema,
    // so nothing about the incoming request is actually validated.
    validate: {
      failAction: 'log',
    },
    response: {
      // NOTE(review): the label reads as if it was carried over from a
      // validate-session route; confirm before renaming, since it is
      // presumably what the generated API docs display.
      schema: Joi.object({
        ok: Joi.bool(),
        handler: Joi.string(),
        data: Joi.object(),
      }).label('validate_session_res'),
      // A response that does not match the schema is logged, not blocked.
      failAction: 'log',
    },
  },
}