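import axios, { AxiosResponse } from "axios";
import { createHash, timingSafeEqual } from "crypto";
import { Request, Response } from "express";
import { Route, RouteMessages } from "server";
import { PROXY_SECRET } from "../secrets";

/** Upper bound, in milliseconds, on how long one upstream request may hold the handler open. */
const UPSTREAM_TIMEOUT_MS = 15000;

/**
 * Upstream response headers that are never relayed to the caller.
 * Names are lower-case because they are compared against lower-cased header names.
 */
const STRIPPED_RESPONSE_HEADERS: ReadonlySet<string> = new Set([
  // CORS headers: the proxy's own CORS policy should apply, not the upstream's.
  "access-control-allow-origin",
  "access-control-allow-credentials",
  "access-control-allow-headers",
  "access-control-allow-methods",
  // Cloudflare headers
  "server",
  "nel",
  "report-to",
  "cf-cache-status",
  "cf-ray",
  "alt-svc",
  // Hop-by-hop headers describe the upstream connection, not this one.
  "connection",
  "keep-alive",
  "proxy-authenticate",
  "proxy-authorization",
  "te",
  "trailer",
  "transfer-encoding",
  "upgrade",
  // The body is re-serialised by res.json(), so the upstream framing and
  // media type no longer describe what is actually sent.
  "content-length",
  "content-encoding",
  "content-type",
  // Relaying Set-Cookie would let the upstream set cookies on the proxy's origin.
  "set-cookie",
]);

/**
 * Compares a caller-supplied secret with PROXY_SECRET without leaking, through
 * timing, how many leading characters matched.
 *
 * Both values are hashed first so the buffers handed to timingSafeEqual always
 * have the same length. Fails closed when either value is missing or not a string.
 */
function secretsMatch(candidate: unknown): boolean {
  if (typeof candidate !== "string") {
    return false;
  }
  if (typeof PROXY_SECRET !== "string" || PROXY_SECRET.length === 0) {
    return false;
  }
  const given = createHash("sha256").update(candidate).digest();
  const expected = createHash("sha256").update(PROXY_SECRET).digest();
  return timingSafeEqual(given, expected);
}

/**
 * Parses a caller-supplied URL and accepts it only when it is an absolute
 * http: or https: URL.
 *
 * @returns the parsed URL, or undefined when the value is not a string, does
 * not parse, or uses another scheme.
 */
function parseHttpUrl(raw: unknown): URL | undefined {
  if (typeof raw !== "string") {
    return undefined;
  }
  try {
    const parsed = new URL(raw);
    return parsed.protocol === "http:" || parsed.protocol === "https:" ? parsed : undefined;
  } catch {
    return undefined;
  }
}

/**
 * Builds the header set relayed to the caller: every upstream header except
 * those listed in STRIPPED_RESPONSE_HEADERS. The upstream object is not mutated.
 */
function filterResponseHeaders(upstream: object): Record<string, string | string[]> {
  const relayed: Record<string, string | string[]> = {};
  for (const [name, value] of Object.entries(upstream)) {
    if (value == null || STRIPPED_RESPONSE_HEADERS.has(name.toLowerCase())) {
      continue;
    }
    relayed[name] = Array.isArray(value) ? value.map(String) : String(value);
  }
  return relayed;
}

/**
 * Authenticated pass-through route: fetches a caller-supplied URL with GET and
 * relays the upstream status, filtered headers and body as JSON.
 *
 * The request body must carry `secret` (checked against PROXY_SECRET) and `url`.
 */
export default class ProxyRoute extends Route {
  constructor() {
    super({ path: "/proxy" });
  }

  /**
   * Handles one proxy request.
   *
   * Responds 401 when the secret is missing or wrong, 400 when the URL is
   * missing or is not an absolute http(s) URL, 502 when the upstream cannot be
   * reached, and otherwise the upstream's own status code.
   */
  async handle(req: Request, res: Response): Promise<void> {
    // req.body is undefined when no body parser ran; treat that as an empty object
    // so the request is answered with 401 instead of throwing.
    const body: Record<string, unknown> =
      typeof req.body === "object" && req.body !== null ? req.body : {};

    const secret = body.secret;
    if (!secret) {
      res.status(401).json(RouteMessages.badRequest("No secret provided"));
      return;
    }
    if (!secretsMatch(secret)) {
      res.status(401).json(RouteMessages.badRequest("Invalid secret"));
      return;
    }

    const url = body.url;
    if (!url) {
      res.status(400).json(RouteMessages.badRequest("No URL provided"));
      return;
    }

    // The URL is caller-controlled, so this route is a server-side request
    // primitive for anyone holding the secret. Only the scheme is checked here.
    // NOTE(review): destination hosts are not restricted, and axios follows
    // redirects by default without re-validating the target. If this service can
    // reach internal or cloud-metadata addresses, add a host allow-list and check
    // the resolved address before connecting.
    const target = parseHttpUrl(url);
    if (!target) {
      res.status(400).json(RouteMessages.badRequest("Invalid URL"));
      return;
    }

    // TODO: handle rate limiting? and/or caching?
    let response: AxiosResponse<unknown>;
    try {
      // Request the normalised href so the URL that was validated is exactly the
      // URL that is fetched.
      response = await axios.get(target.href, {
        timeout: UPSTREAM_TIMEOUT_MS,
        // Relay upstream 4xx/5xx to the caller instead of letting axios reject.
        validateStatus: () => true,
        headers: {
          "Content-Type": "application/json",
        },
      });
    } catch {
      // Network failure, timeout or redirect error: answer explicitly and keep
      // upstream error details out of the response.
      res.status(502).json(RouteMessages.badRequest("Upstream request failed"));
      return;
    }

    // Return the JSON response
    res.status(response.status).set(filterResponseHeaders(response.headers)).json(response.data);
  }
}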