import MongoStore from "connect-mongo";
import session from "express-session";
import { mongooseDbName, mongoURI } from "../database/mongoose.js";
import userModel from "../schemas/userModel.js";
const sessionConf = {
    secret: process.env.SESSION_SECRET || "super duper secret string.",
    cookie: {
        expires: process.env.SESSION_TIMEOUT || 300000,
        httpOnly: true,
    },
    saveUninitialized: false,
    resave: false,
};
if (process.env.NODE_ENV === "production") {
    sessionConf.cookie.secure = true;
    sessionConf.store = MongoStore.create({ mongoUrl: mongoURI, dbName: mongooseDbName });
}
export const userSession = session(sessionConf);

export async function authenticationGuard(req, res, next) {
    if (req.session.userId) {
        req.user = await userModel.findById(req.session.userId);
        next();
    } else {
        res.status(401).send("Not authorized.");
        return;
    }
}

// TODO: Authentication
// TODO: Identity
// TODO: Authority