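/**
 * Express application setup: compression, security response headers (helmet),
 * an Origin allowlist enforced through the cors middleware, and the API routes.
 * The configured app is exported; this module does not start a listener.
 */
const debug = require('debug')('debug');
//start
debug('api start...');

// Load variables from a local .env file into process.env.
require('dotenv').config();

const HELMET = require('helmet');
const COMPRESSION = require('compression');
const EXPRESS = require("express");
const CORS = require("cors");

const ROOTROUTER = require('./route/root');
const BUS_STOPS_COUNT = require('./route/bus-stops-count');

//TODO make this list available via config
//limit access to this origin list
// Entries are compared by exact string match against the request's Origin
// header, which is always a concrete "scheme://host[:port]" value. The former
// single entry 'http(s)://foo.bar' could therefore never match, so each scheme
// is listed explicitly. Drop the plain-http entry if the front end is only
// ever served over HTTPS.
const whitelist = [
  'http://foo.bar',
  'https://foo.bar',
];

const APP = EXPRESS();

//compress all routes
APP.use(COMPRESSION());

// helmet sets security-related HTTP response headers. It hardens browser
// behaviour but does not replace input validation or authentication.
APP.use(HELMET());

//configure CORS
APP.use(CORS({
  /**
   * Decide whether a request's Origin may receive CORS headers.
   *
   * @param {string|undefined} origin - value of the Origin request header.
   * @param {function(Error|null, boolean=)} callback - cors decision callback.
   */
  origin(origin, callback) {
    debug(`origin: ${origin}`);

    // allow requests with no origin
    // NOTE: non-browser clients typically send no Origin header and pass
    // straight through here. CORS is a browser-enforced policy, not access
    // control; protected routes still need authentication and authorization.
    if (!origin) {
      return callback(null, true);
    }

    if (!whitelist.includes(origin)) {
      // The message embeds the caller-supplied Origin value, so any error
      // handler or log sink that receives it should treat it as untrusted.
      // The error is handed to the cors middleware, which is expected to pass
      // it on to Express error handling, so the request is rejected before
      // the route handlers run.
      const message = `The CORS policy for this origin does not allow access from the particular origin: ${origin}`;
      return callback(new Error(message), false);
    }

    debug(`origin: ${origin} allowed by CORS`);
    return callback(null, true);
  },
}));

//api enable/disable?
APP.use('/', ROOTROUTER);
APP.use('/bus-stops-count', BUS_STOPS_COUNT);

module.exports = APP;
//end
debug('api done..');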