'use strict';

exports = module.exports = {
    verifyToken
};

const assert = require('assert'),
    BoxError = require('./boxerror.js'),
    safe = require('safetydance'),
    tokens = require('./tokens.js'),
    users = require('./users.js');

async function verifyToken(accessToken) {
    assert.strictEqual(typeof accessToken, 'string');

    const token = await tokens.getByAccessToken(accessToken);
    if (!token) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'No such token');

    const user = await users.get(token.identifier);
    if (!user) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'User not found');
    if (!user.active) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'User not active');

    await safe(tokens.update(token.id, { lastUsedTime: new Date() })); // ignore any error

    return user;
}