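const express = require('express');
const router = express.Router();
const bcrypt = require('bcryptjs');
const { pool } = require('../db/connection');

/**
 * Report whether the built-in admin/admin quick-start account may be used.
 *
 * A hard-coded credential pair bypasses the users table entirely, so the
 * fallback is off by default. It is honoured only when the operator sets
 * ALLOW_DEFAULT_ADMIN=true (a switch introduced by this module) and NODE_ENV
 * is not "production".
 *
 * @returns {boolean} true when the quick-start account is explicitly enabled.
 */
function defaultAdminEnabled() {
  return (
    process.env.ALLOW_DEFAULT_ADMIN === 'true' &&
    process.env.NODE_ENV !== 'production'
  );
}

/**
 * Bind an authenticated user to the request's session.
 *
 * The session is regenerated first, when the session object offers
 * regenerate(), so that a session id issued before login is not carried into
 * the authenticated state (session fixation).
 * NOTE(review): assumes an express-session style req.session - confirm.
 *
 * @param {object} req - Express request carrying req.session.
 * @param {{username: string, id: number}} user - Identity to store.
 * @returns {Promise<object>} Resolves with the stored session user.
 */
function establishSession(req, user) {
  return new Promise((resolve, reject) => {
    const attach = () => {
      req.session.user = user;
      resolve(req.session.user);
    };

    if (typeof req.session.regenerate !== 'function') {
      attach();
      return;
    }

    req.session.regenerate((err) => {
      if (err) {
        reject(err);
        return;
      }
      attach();
    });
  });
}

// Login
// NOTE(review): no attempt throttling or lockout is visible in this file;
// confirm it is applied upstream. An unknown username also returns without a
// bcrypt comparison, so response time can differ from a wrong password.
router.post('/login', async (req, res) => {
  // req.body is undefined when no body parser ran; treat that as empty input
  // instead of letting the destructuring throw inside an async handler.
  const { username, password } = req.body || {};

  // Reject non-string values early: objects or arrays here would otherwise
  // reach bcrypt.compare and surface as a misleading "Database error".
  if (
    typeof username !== 'string' ||
    typeof password !== 'string' ||
    username === '' ||
    password === ''
  ) {
    return res.status(400).json({ error: 'Username and password are required' });
  }

  let conn;
  try {
    // Quick-start account for an empty or unreachable database: opt-in only.
    if (defaultAdminEnabled() && username === 'admin' && password === 'admin') {
      const adminUser = await establishSession(req, { username: 'admin', id: 0 });
      return res.json({ success: true, user: adminUser });
    }

    conn = await pool.getConnection();
    // Fetch only the columns this handler reads; the password hash never
    // leaves this function.
    const rows = await conn.query(
      'SELECT id, username, password_hash FROM users WHERE username = ?',
      [username]
    );

    const record = rows.length > 0 ? rows[0] : null;
    if (record && typeof record.password_hash === 'string') {
      const match = await bcrypt.compare(password, record.password_hash);
      if (match) {
        const sessionUser = await establishSession(req, {
          username: record.username,
          id: record.id,
        });
        return res.json({ success: true, user: sessionUser });
      }
    }

    // Same answer for unknown user and wrong password.
    return res.status(401).json({ error: 'Invalid credentials' });
  } catch (err) {
    console.error("Login Error:", err);
    return res.status(500).json({ error: 'Database error' });
  } finally {
    // NOTE(review): presumably end() hands a pooled connection back - confirm
    // against the driver behind ../db/connection.
    if (conn) conn.end();
  }
});

// Logout
router.post('/logout', (req, res) => {
  // Answer only once the session is really gone, so the client is not told
  // "success" while the session still exists.
  req.session.destroy((err) => {
    if (err) {
      console.error('Logout Error:', err);
      return res.status(500).json({ error: 'Logout failed' });
    }
    return res.json({ success: true });
  });
});

// Check Auth Status
router.get('/me', (req, res) => {
  if (req.session.user) {
    res.json({ authenticated: true, user: req.session.user });
  } else {
    res.json({ authenticated: false });
  }
});

module.exports = router;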