require('dotenv').config({ path: require('path').join(__dirname, '..', '.env') });
const express = require('express');
const cookieParser = require('cookie-parser');
const path = require('path');
const helmet = require('helmet');
const rateLimit = require('express-rate-limit');

const authRouter = require('./routes/auth');
const { authMiddleware } = require('./middleware/auth');
const productsRouter = require('./routes/products');
const customersRouter = require('./routes/customers');
const ordersRouter = require('./routes/orders');
const dashboardRouter = require('./routes/dashboard');
const reportsRouter = require('./routes/reports');

const app = express();
const PORT = process.env.PORT || 3002;

app.set('trust proxy', 1);

app.use(helmet());

if (process.env.NODE_ENV !== 'production') {
  const cors = require('cors');
  app.use(cors({ origin: 'http://localhost:5173', credentials: true }));
}

app.use(express.json());
app.use(cookieParser());

const apiLimiter = rateLimit({
  windowMs: 60 * 1000,
  max: 100,
  standardHeaders: true,
  legacyHeaders: false,
});
app.use('/api', apiLimiter);

app.use('/api/auth', authRouter);
app.use('/api', authMiddleware);
app.use('/api/products', productsRouter);
app.use('/api/customers', customersRouter);
app.use('/api/orders', ordersRouter);
app.use('/api/dashboard', dashboardRouter);
app.use('/api/reports', reportsRouter);

// 404 for unmatched API routes
app.use('/api', (req, res) => {
  res.status(404).json({ error: 'Not found' });
});

if (process.env.NODE_ENV === 'production') {
  const clientDist = path.join(__dirname, '..', 'client', 'dist');
  app.use(express.static(clientDist));

  // Whitelist known client-side routes for SPA fallback.
  // Everything else returns a real 404.
  const spaRoutes = /^\/($|inventory$|customers$|orders($|\/new$|\/\d+$)|restock$|reports$)/;
  app.get('*', (req, res) => {
    if (spaRoutes.test(req.path)) {
      return res.sendFile(path.join(clientDist, 'index.html'));
    }
    res.status(404).end();
  });
}

// Global error handler
app.use((err, req, res, next) => {
  console.error(err.stack || err.message || err);
  if (res.headersSent) return next(err);
  res.status(500).json({ error: process.env.NODE_ENV === 'production' ? 'Internal server error' : err.message });
});

process.on('unhandledRejection', (reason) => {
  console.error('Unhandled rejection:', reason);
});

app.listen(PORT, () => {
  console.log(`Server running on http://localhost:${PORT}`);
});