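require("dotenv").config();
const express = require("express");
const bcrypt = require("bcrypt");
const jwt = require("jsonwebtoken");
const User = require("../models/User");
const { registerSchema, loginSchema } = require("../validation");
const validate = require("../middleware/validate");
const authenticate = require("../middleware/auth");

const router = express.Router();

// Signing keys are mandatory. jwt.sign() throws at request time when the
// secret is undefined, so fail at load instead of on the first login.
const ACCESS_SECRET = process.env.ACCESS_SECRET;
const REFRESH_SECRET = process.env.REFRESH_SECRET;
if (!ACCESS_SECRET || !REFRESH_SECRET) {
  throw new Error("ACCESS_SECRET and REFRESH_SECRET must be set in the environment");
}

const ACCESS_TOKEN_TTL = "15m";
const REFRESH_TOKEN_TTL = "30d";
const BCRYPT_ROUNDS = 10;
// Only HMAC tokens are issued here; pinning the algorithm on verify rejects
// tokens whose header claims a different one.
const JWT_ALGORITHMS = ["HS256"];

// Refresh tokens that are still accepted by /token. In-memory only: the set is
// emptied on restart and not shared between processes.
// TODO(review): back this with a persistent store before running more than one
// instance, and add a route that removes a token (logout) if revocation is needed.
const refreshTokens = new Set();

// Hash compared against when the e-mail is unknown, so an unknown account costs
// the same bcrypt work as a wrong password (no timing-based account enumeration).
const DUMMY_HASH = bcrypt.hashSync("placeholder-password", BCRYPT_ROUNDS);

/**
 * Claims embedded in both token types.
 * @param {{username: string, email: string}} user - user document or decoded token
 * @returns {{username: string, email: string}}
 */
function tokenPayload(user) {
  return { username: user.username, email: user.email };
}

/**
 * Signs a short-lived access token for the given claims.
 * @param {{username: string, email: string}} payload
 * @returns {string} signed JWT
 */
function signAccessToken(payload) {
  return jwt.sign(payload, ACCESS_SECRET, { expiresIn: ACCESS_TOKEN_TTL });
}

// Register
router.post("/register", validate(registerSchema), async (req, res, next) => {
  try {
    // NOTE(review): validate(registerSchema) already ran as middleware; this
    // re-check is redundant if that middleware rejects invalid bodies — confirm
    // and keep only one of the two.
    const { error } = registerSchema.validate(req.body);
    if (error) return res.status(400).json({ error: error.details[0].message });

    const { username, email, password } = req.body;
    const existing = await User.findOne({ email });
    // A distinct message here reveals whether an address is registered; keep it
    // only if account enumeration is an accepted trade-off for this app.
    if (existing) return res.status(400).json({ error: "User already exists" });

    const hashed = await bcrypt.hash(password, BCRYPT_ROUNDS);
    await new User({ username, email, password: hashed }).save();
    res.json({ message: "User registered" });
  } catch (err) {
    // Express 4 does not catch rejected async handlers; without this the
    // request hangs and the rejection is unhandled.
    next(err);
  }
});

// Login
router.post("/login", async (req, res, next) => {
  try {
    const { error } = loginSchema.validate(req.body);
    if (error) return res.status(400).json({ error: error.details[0].message });

    const { email, password } = req.body;
    const user = await User.findOne({ email });
    // Always run the compare so the response time does not depend on whether
    // the e-mail exists.
    const matches = await bcrypt.compare(password, user ? user.password : DUMMY_HASH);
    if (!user || !matches) return res.status(403).json({ error: "Invalid credentials" });

    const payload = tokenPayload(user);
    const accessToken = signAccessToken(payload);
    const refreshToken = jwt.sign(payload, REFRESH_SECRET, { expiresIn: REFRESH_TOKEN_TTL });
    refreshTokens.add(refreshToken);
    res.json({ accessToken, refreshToken });
  } catch (err) {
    next(err);
  }
});

// Refresh token: exchange a still-accepted refresh token for a new access token.
// Tokens issued before a restart are rejected because the set is in-memory.
router.post("/token", (req, res) => {
  const { token } = req.body;
  if (typeof token !== "string" || !refreshTokens.has(token)) {
    return res.status(403).json({ error: "Invalid refresh token" });
  }
  jwt.verify(token, REFRESH_SECRET, { algorithms: JWT_ALGORITHMS }, (err, decoded) => {
    if (err) {
      // An expired or tampered token will never verify again; drop it so the
      // set does not grow without bound.
      refreshTokens.delete(token);
      return res.status(403).json({ error: "Token expired" });
    }
    res.json({ accessToken: signAccessToken(tokenPayload(decoded)) });
  });
});

// Requires a valid access token; `authenticate` is expected to set req.user.
router.get("/protected", authenticate, (req, res) => {
  res.json({ message: `Welcome ${req.user.username}!` });
});

module.exports = router;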