'use strict';

exports = module.exports = {
    verifyToken
};

var assert = require('assert'),
    BoxError = require('./boxerror.js'),
    debug = require('debug')('box:accesscontrol'),
    tokens = require('./tokens.js'),
    users = require('./users.js');

const NOOP_CALLBACK = function (error) { if (error) debug(error); };

function verifyToken(accessToken, callback) {
    assert.strictEqual(typeof accessToken, 'string');
    assert.strictEqual(typeof callback, 'function');

    tokens.getByAccessToken(accessToken, function (error, token) {
        if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
        if (error) return callback(error);

        users.get(token.identifier, function (error, user) {
            if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
            if (error) return callback(error);

            if (!user.active) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));

            tokens.update(token.id, { lastUsedTime: new Date() }, NOOP_CALLBACK);

            callback(null, user);
        });
    });
}