'use strict';

var BadRequestError = require('restify-errors').BadRequestError;
var assert = require('assert-plus');

///--- API

/**
 * Prevents `req.urls` non-strict key-value query params
 *
 * The Request-URI is transmitted in the format specified in section 3.2.1.
 * If the Request-URI is encoded using the "% HEX HEX" encoding [42],
 * the origin server MUST decode the Request-URI
 * in order to properly interpret the request.
 * Servers SHOULD respond to invalid Request-URIs
 * with an appropriate status code.
 *
 * part of Hypertext Transfer Protocol -- HTTP/1.1 | 5.1.2 Request-URI
 * RFC 2616 Fielding, et al.
 *
 * @public
 * @function strictQueryParams
 * @param    {Object}   [options] - an options object
 * @param    {String}   [options.message] - a custom error message
 *                              default value:
 *                              "Url query params does not meet strict format"
 * @returns  {Function} Handler
 */
function strictQueryParams(options) {
    var opts = options || {};
    assert.optionalObject(opts, 'options');
    assert.optionalString(opts.message, 'options.message');

    function _strictQueryParams(req, res, next) {
        var keyValQParams = !/(\&(?!(\w+=\w+)))/.test(req.url);

        if (!keyValQParams) {
            var msg = opts.message
                ? opts.message
                : 'Url query params does not meet strict format';
            return next(new BadRequestError(msg));
        }

        return next();
    }

    return _strictQueryParams;
}

///--- Exports

module.exports = strictQueryParams;