import cookieParser from 'cookie-parser'
import cors from 'cors'
import express from 'express'
import createError from 'http-errors'
import logger from 'morgan'
import path from 'path'
import { fileURLToPath } from 'url'
import xss from 'xss-clean'

import indexRouter from './routes/index.js'
import postsRouter from './routes/posts.js'
import usersRouter from './routes/users.js'

const __filename = fileURLToPath(import.meta.url)
const __dirname = path.dirname(__filename)

const app = express()

// view engine setup
app.set('views', path.join(__dirname, 'views'))
app.set('view engine', 'jade')

app.use(cors())
app.options('*', cors())

app.use(logger('dev'))
app.use(express.json())
app.use(express.urlencoded({ extended: false }))
app.use(cookieParser())
app.use(express.static(path.join(__dirname, 'public')))
// Data sanitization against XSS
app.use(xss())

app.use('/', indexRouter)
app.use('/api/v1/users', usersRouter)
app.use('/api/v1/posts', postsRouter)

// catch 404 and forward to error handler
app.use(function (req, res, next) {
    next(createError(404))
})

// error handler
app.use(function (err, req, res, next) {
    // set locals, only providing error in development
    res.locals.message = err.message
    res.locals.error = req.app.get('env') === 'development' ? err : {}

    // render the error page
    res.status(err.status || 500)
    res.render('error')
})

export default app