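const express = require('express');
const router = express.Router();
const handler = require('express-async-handler');
const content = require('../helpers/content');
const crypto = require('crypto');

const { MAXFILES, APP_DEBUG, RATE_LIMIT } = process.env;

// Timestamp (ms) of the last accepted upload, keyed by client IP. A Map keeps
// request-derived keys away from Object.prototype properties.
// NOTE(review): entries are never evicted, so this grows with the number of
// distinct client addresses; req.ip is also only as trustworthy as the app's
// proxy configuration, which is not visible in this file.
const ratelimits = new Map();

/**
 * Compare a client-supplied token with the value stored in the session.
 *
 * A missing or empty expected value, or a non-string supplied value, never
 * matches. With a loose `!=`, a request that omits the field would pass
 * against a session that never had the token set (undefined == undefined).
 *
 * @param {unknown} supplied - Value taken from the request body.
 * @param {unknown} expected - Value stored in the session.
 * @returns {boolean} True only when both are present and equal.
 */
function tokensMatch(supplied, expected) {
  if (typeof supplied !== 'string' || expected == null || expected === '') {
    return false;
  }
  const suppliedBytes = Buffer.from(supplied);
  const expectedBytes = Buffer.from(String(expected));
  // timingSafeEqual throws on unequal lengths, so the length check comes first.
  return (
    suppliedBytes.length === expectedBytes.length &&
    crypto.timingSafeEqual(suppliedBytes, expectedBytes)
  );
}

/**
 * Handle POST /upload: rate limit, CSRF check, captcha check, quota check,
 * then store the submitted text and redirect to its view page.
 *
 * Status codes and response bodies are unchanged from the original handler.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @returns {Promise<void>}
 */
async function upload(req, res) {
  // RATE_LIMIT comes from the environment as a string; if it is unset the
  // comparison below is against NaN and no request is throttled.
  const rateLimitMs = Number(RATE_LIMIT);
  const lastUpload = ratelimits.get(req.ip);
  if (lastUpload && Date.now() - lastUpload < rateLimitMs) {
    res.status(503).send('You are being rate limited.');
    return;
  }

  const body = req.body || {};

  if (!tokensMatch(body['_csrf'], req.session.csrf)) {
    res.status(405).send('CSRF error');
    return;
  }

  // The captcha field name is itself stored in the session.
  const captchaAnswer = body[req.session.captcha_input];
  if (!captchaAnswer) {
    res
      .status(405)
      .send('Captcha error; please go back and refresh the page a few times.');
    return;
  }

  // NOTE(review): `|` is a bitwise OR against the raw APP_DEBUG string. The
  // result is truthy on a captcha mismatch, and also whenever APP_DEBUG
  // converts to a non-zero integer (e.g. "1"), which rejects every upload;
  // a value such as "true" has no effect. The intent is unclear, so the
  // expression is kept as written rather than guessed at - in particular it
  // must not be turned into a captcha bypass for debug mode without review.
  if (!tokensMatch(captchaAnswer, req.session.captcha) | APP_DEBUG) {
    res.status(405).send('Bad captcha');
    return;
  }

  // Rotate the captcha so a solved value cannot be replayed.
  req.session.captcha = crypto.randomBytes(8).toString('base64').substring(0, 6);

  // NOTE(review): MAXFILES is an environment string and the comparison relies
  // on coercion; this also assumes content.submitted() returns a number
  // synchronously - confirm against the helper.
  if (content.submitted() >= MAXFILES) {
    res.status(405).send('Not allowed');
    return;
  }

  // Require a string: a missing field used to throw on `.length`, and an
  // array or object from the body parser would otherwise reach content.create.
  const data = body.text;
  if (typeof data !== 'string' || data.length < 8) {
    res.send('Too short');
    return;
  }

  ratelimits.set(req.ip, Date.now());
  const id = await content.create(data);

  // Clear the draft before responding; a session write made after the
  // response has ended may not be persisted (presumably the session is saved
  // when the response ends - confirm for the session middleware in use).
  req.session.last_text = '';
  res.redirect('/view?id=' + encodeURIComponent(id));
}

router.post('/upload', handler(upload));

module.exports = router;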