const jsonwebtoken = require('jsonwebtoken');

module.exports = function (options) {
	return function jwt(req, res, next) {
		if('exclude' in options && options.exclude.includes(req.path)) {
			next();
			return;
		}

		if (req.headers && req.headers.authorization) {
			let parts = req.headers.authorization.split(' ');
			if (parts.length == 2) {
				let scheme = parts[0];
				let token = parts[1];
				if (/^Bearer$/i.test(scheme)) {
					jsonwebtoken.verify(token, options.secret, (error, decoded) => {
						if(error) {
							res.status(401).send({ success: false, error: error.message });
						} else {
							req.user = decoded;
							next();
						}
					});
				} else {
					res.status(401).send({ success: false, error: 'Unsupported authorization header' });
				}
			} else {
				res.status(401).send({ success: false, error: 'Invalid authorization header' });
			}
		} else {
			res.status(401).send({ success: false, error: 'Missing authorization header' });
		}
	};
};