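# JSON API endpoints for mixes: handing the next mix to the cron-driven mix
# server and letting a user download a mix.
class ApiMixesController < ApiController
  # Shared secret that cron requests must send as params[:token]; it gates the
  # cron-only routes listed in the require_cron_token filter below.
  #
  # NOTE(review): this secret is committed in source, so anyone with read
  # access to the repository or its history can call the cron-only routes.
  # It should be rotated and loaded from deployment configuration instead of
  # being hard-coded. It also travels as a request parameter, so confirm that
  # :token is filtered from request logs.
  CRON_TOKEN = "2kkl39sjjf3ijdsflje2923j"

  # NOTE(review): :schedule and :finish are not defined in this class;
  # presumably they are inherited or were removed. Confirm the filters still
  # guard real actions.
  before_filter :api_signed_in_user, :only => [ :schedule ]
  before_filter :require_cron_token, :only => [ :next, :finish ]
  before_filter :look_up_mix, :only => [ :finish ]

  respond_to :json

  # Cron-only: returns the next mix for the server named in params[:server].
  #
  # Responds 204 when there is no mix, 200 with id/manifest/destination when
  # there is one, and 403 when anything raises along the way.
  def next
    mix = Mix.next(params[:server])

    if mix.nil?
      respond_with responder: ApiResponder, :status => 204
      # Stop here: falling through would call mix.id on nil, land in the
      # rescue below and attempt a second response for the same request.
      return
    end

    render :json => { :id => mix.id, :manifest => mix.manifest, :destination => mix.s3_url }, :status => 200
  rescue
    # Deliberate catch-all kept from the original: any StandardError is
    # reported to the caller as a 403 with a generic message.
    render :json => { :message => "next mix could not be found" }, :status => 403
  end

  # Redirects the caller to a signed URL for the mix identified by params[:id].
  #
  # Raises JamPermissionError when Mix#can_download? rejects current_user.
  # Responds 404 with "download limit surpassed" when validation leaves
  # errors on the mix after the download count has been bumped.
  #
  # NOTE(review): no filter in this class requires a signed-in user for
  # :download, so unless ApiController enforces one, current_user may be nil
  # here and the whole authorization decision rests on Mix#can_download?.
  def download
    @mix = Mix.find(params[:id])
    raise JamPermissionError, "You can only download a mix you have claimed" unless @mix.can_download? current_user

    @mix.current_user = current_user
    @mix.update_download_count

    # Run validations so that errors reflects the updated download count.
    @mix.valid?
    if @mix.errors.any?
      render :json => { :message => "download limit surpassed" }, :status => 404
    else
      @mix.save!
      # Third argument was meant to be !is_native_client?, but there is no
      # header to indicate this. Presumably 120 is the URL lifetime in
      # seconds; confirm against Mix#sign_url.
      redirect_to @mix.sign_url(120, 'ogg', false)
    end
  end

  private

  # Loads @mix from params[:id] and answers 404 unless the request is from the
  # cron (@is_cron) or the mix belongs to current_user.
  #
  # NOTE(review): if Mix.find raises on a missing record (as ActiveRecord's
  # find does), the nil check never fires; verify which behavior Mix has.
  def look_up_mix
    @mix = Mix.find(params[:id])
    if @mix.nil? || (!@is_cron && @mix.owner_id != current_user.id)
      render :json => { :message => "mix not found" }, :status => 404
    end
  end

  # Rejects the request with 403 unless params[:token] matches CRON_TOKEN.
  # @is_cron is set only after the token has been accepted.
  def require_cron_token
    unless cron_token_valid?(params[:token])
      render :json => { :message => "bad token" }, :status => 403
      return
    end

    @is_cron = true
  end

  # Compares the supplied token with CRON_TOKEN without short-circuiting on
  # the first differing byte, so response timing does not reveal how much of
  # a guess was correct. Non-string values (nil, arrays, hashes built from
  # request parameters) are rejected outright.
  #
  # Where the application's Rails version provides
  # ActiveSupport::SecurityUtils.secure_compare, prefer it over this helper.
  def cron_token_valid?(candidate)
    return false unless candidate.is_a?(String) && candidate.bytesize == CRON_TOKEN.bytesize

    diff = 0
    candidate.unpack("C*").zip(CRON_TOKEN.unpack("C*")) { |a, b| diff |= a ^ b }
    diff.zero?
  end
end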