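const crypto = require('crypto');

const express = require('express');

const {
  COOKIE_NAME,
  verify,
  createSessionCookie,
  clearSessionCookie,
} = require('../middleware/auth');

const router = express.Router();

/**
 * Check a submitted password against the configured one.
 *
 * Both values are hashed first so that crypto.timingSafeEqual always receives
 * equal-length buffers and the comparison time does not depend on how many
 * leading characters of the guess are correct.
 *
 * @param {unknown} submitted - Value taken from the request body.
 * @param {string} expected - The configured application password.
 * @returns {boolean} True only when `submitted` is a string equal to `expected`.
 */
function passwordMatches(submitted, expected) {
  // Anything that is not a string (missing field, number, object) can never match.
  if (typeof submitted !== 'string') {
    return false;
  }
  const submittedDigest = crypto.createHash('sha256').update(submitted, 'utf8').digest();
  const expectedDigest = crypto.createHash('sha256').update(expected, 'utf8').digest();
  return crypto.timingSafeEqual(submittedDigest, expectedDigest);
}

/**
 * Return the raw value of the first non-empty cookie whose name is exactly `name`.
 *
 * The name is compared as a whole string, so a cookie whose name merely ends
 * with `name` (for example `other_<name>`) is not mistaken for the session
 * cookie, and characters in `name` are never interpreted as regex syntax.
 * The value is returned as sent (trimmed, not URL-decoded).
 *
 * @param {string} header - The raw Cookie request header ('' when absent).
 * @param {string} name - Exact cookie name to look up.
 * @returns {string|null} The cookie value, or null when it is not present.
 */
function readCookie(header, name) {
  for (const pair of header.split(';')) {
    const separator = pair.indexOf('=');
    if (separator === -1) {
      continue;
    }
    if (pair.slice(0, separator).trim() !== name) {
      continue;
    }
    const value = pair.slice(separator + 1).trim();
    if (value) {
      return value;
    }
  }
  return null;
}

/**
 * POST /login - exchange the application password for a session cookie.
 *
 * Responses: 200 { ok: true } on success (or when auth is disabled),
 * 401 on a wrong or missing password, 500 when no session could be created.
 *
 * NOTE(review): no attempt throttling happens in this handler; confirm that
 * rate limiting is applied upstream, otherwise the password can be guessed
 * at network speed.
 */
router.post('/login', (req, res) => {
  const password = process.env.APP_PASSWORD;

  // Fail-open: with APP_PASSWORD unset, authentication is disabled and login
  // reports success without issuing a cookie. Deployments that need
  // authentication must make sure the variable is set.
  if (!password) {
    return res.status(200).json({ ok: true });
  }

  if (!passwordMatches(req.body?.password, password)) {
    return res.status(401).json({ error: 'Invalid password' });
  }

  // A falsy result is reported as a configuration problem; presumably the
  // auth middleware is missing what it needs to create the token - confirm there.
  const session = createSessionCookie();
  if (!session) {
    return res.status(500).json({ error: 'Auth not configured' });
  }

  // Copy the options so the object returned by the middleware is not mutated.
  const cookieOpts = { ...session.opts };

  // Secure is dropped when Express does not consider the request HTTPS, so the
  // cookie still works over plain HTTP.
  // NOTE(review): behind a TLS-terminating proxy, req.secure is only true when
  // the app's 'trust proxy' setting is enabled; without it this branch removes
  // Secure from the session cookie in production as well.
  if (cookieOpts.secure && !req.secure) {
    cookieOpts.secure = false;
  }

  res.cookie(COOKIE_NAME, session.token, cookieOpts);
  res.json({ ok: true });
});

/**
 * POST /logout - overwrite the session cookie with an empty value, using the
 * options supplied by clearSessionCookie(), and answer 204 No Content.
 */
router.post('/logout', (req, res) => {
  res.cookie(COOKIE_NAME, '', clearSessionCookie());
  res.status(204).send();
});

/**
 * GET /me - report whether the caller holds a valid session.
 *
 * Responses: 200 { ok: true } when auth is disabled or the session token
 * verifies, 401 otherwise.
 */
router.get('/me', (req, res) => {
  // Same fail-open rule as /login: no configured password means no auth.
  if (!process.env.APP_PASSWORD) {
    return res.status(200).json({ ok: true });
  }

  const token = readCookie(req.headers.cookie || '', COOKIE_NAME);
  if (!token || !verify(token)) {
    return res.status(401).json({ error: 'Unauthorized' });
  }

  res.json({ ok: true });
});

module.exports = router;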