'use strict';

exports = module.exports = {
    verifyToken
};

const assert = require('assert'),
    BoxError = require('./boxerror.js'),
    safe = require('safetydance'),
    tokens = require('./tokens.js'),
    users = require('./users.js'),
    util = require('util');

const userGet = util.promisify(users.get);

async function verifyToken(accessToken) {
    assert.strictEqual(typeof accessToken, 'string');

    const token = await tokens.getByAccessToken(accessToken);
    if (!token) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'No such token');

    const [error, user] = await safe(userGet(token.identifier));
    if (error && error.reason === BoxError.NOT_FOUND) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'User not found');
    if (error) throw error;

    if (!user.active) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'User not active');

    await safe(tokens.update(token.id, { lastUsedTime: new Date() })); // ignore any error

    return user;
}