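/**
 * Authentication routes: account registration, password login, and lookup of
 * the account that owns a bearer token.
 *
 * Tokens are HS256 JWTs whose only application claim is `userId`.
 */
const crypto = require('crypto');

const express = require('express');
const bcrypt = require('bcrypt');
const jwt = require('jsonwebtoken');
const db = require('../db');

const router = express.Router();

// There is deliberately no built-in default signing key: a key that ships in
// source lets anyone who has read the code mint valid tokens for any userId.
// When JWT_SECRET is unset, a random per-process key keeps the service usable
// for local work without creating a shared, guessable secret.
const JWT_SECRET = process.env.JWT_SECRET || crypto.randomBytes(32).toString('hex');
if (!process.env.JWT_SECRET) {
  console.warn(
    'JWT_SECRET is not set; using a random per-process signing key. ' +
      'Issued tokens will not survive a restart or validate on other instances.'
  );
}

// Pin the algorithm on both sign and verify so the token header cannot choose it.
const JWT_ALGORITHM = 'HS256';

// Lifetime of newly issued tokens. There is no revocation list in this file, so
// expiry is the only bound on how long a leaked token stays usable. Tune to policy.
// NOTE(review): tokens minted before this limit existed carry no `exp` claim and
// keep verifying until the signing key is rotated.
const TOKEN_TTL = '7d';

const BCRYPT_ROUNDS = 10;
const DEFAULT_STORAGE_LIMIT = 10 * 1024 * 1024 * 1024; // 10GB

/**
 * @param {unknown} value
 * @returns {boolean} true only for a string with at least one character.
 */
function isNonEmptyString(value) {
  return typeof value === 'string' && value.length > 0;
}

/**
 * Sign a session token for the given user id.
 * @param {number|string} userId
 * @returns {string} compact JWT
 */
function issueToken(userId) {
  return jwt.sign({ userId }, JWT_SECRET, {
    algorithm: JWT_ALGORITHM,
    expiresIn: TOKEN_TTL,
  });
}

/**
 * Log the real failure server-side and send the client a generic 500.
 * Driver and library messages (SQL text, constraint names, file paths) stay
 * out of the response body.
 */
function sendServerError(res, context, error) {
  console.error(`${context} failed:`, error);
  res.status(500).json({ error: 'Internal server error' });
}

// Register
router.post('/register', async (req, res) => {
  try {
    // req.body is undefined when no body parser ran for this request.
    const { username, password, email } = req.body || {};

    // A JSON body can carry objects, arrays or numbers in these fields; only
    // plain strings are allowed through to the hash and the SQL parameters.
    if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
      return res.status(400).json({ error: 'Username and password are required' });
    }
    if (email != null && typeof email !== 'string') {
      return res.status(400).json({ error: 'Invalid email' });
    }

    // Check if user exists.
    // NOTE(review): check-then-insert is not atomic. Confirm the schema has a
    // UNIQUE constraint on users.username so concurrent requests cannot both win.
    const existingUser = db.query('SELECT id FROM users WHERE username = ?', [username]);
    if (existingUser.length > 0) {
      return res.status(400).json({ error: 'Username already exists' });
    }

    // Hash password. bcrypt only considers the first 72 bytes of its input.
    const passwordHash = await bcrypt.hash(password, BCRYPT_ROUNDS);

    // Create user
    const result = db.run(
      'INSERT INTO users (username, password_hash, email, storage_limit) VALUES (?, ?, ?, ?)',
      [username, passwordHash, email, DEFAULT_STORAGE_LIMIT]
    );

    const token = issueToken(result.lastInsertRowid);
    res.json({ token, userId: result.lastInsertRowid });
  } catch (error) {
    sendServerError(res, 'register', error);
  }
});

// Login
router.post('/login', async (req, res) => {
  try {
    const { username, password } = req.body || {};

    // Reject missing or non-string credentials up front instead of letting
    // bcrypt.compare throw and surface as a 500.
    if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
      return res.status(400).json({ error: 'Username and password are required' });
    }

    const user = db.query('SELECT * FROM users WHERE username = ?', [username]);
    if (user.length === 0) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }

    const validPassword = await bcrypt.compare(password, user[0].password_hash);
    if (!validPassword) {
      // Same status and message as the unknown-user case above.
      return res.status(401).json({ error: 'Invalid credentials' });
    }

    const token = issueToken(user[0].id);
    // Explicit field list: password_hash from the SELECT * row is never echoed.
    res.json({
      token,
      user: {
        id: user[0].id,
        username: user[0].username,
        email: user[0].email,
        storageUsed: user[0].storage_used,
        storageLimit: user[0].storage_limit
      }
    });
  } catch (error) {
    sendServerError(res, 'login', error);
  }
});

// Get current user
router.get('/me', (req, res) => {
  const header = req.headers.authorization;
  // Strip the scheme only where it belongs, at the start of the header value.
  const token =
    typeof header === 'string' && header.startsWith('Bearer ')
      ? header.slice('Bearer '.length)
      : header;

  if (!token) {
    return res.status(401).json({ error: 'No token provided' });
  }

  let decoded;
  try {
    decoded = jwt.verify(token, JWT_SECRET, { algorithms: [JWT_ALGORITHM] });
  } catch (error) {
    return res.status(401).json({ error: 'Invalid token' });
  }

  // A validly signed token without a userId claim is still not a session token.
  if (decoded == null || typeof decoded !== 'object' || decoded.userId == null) {
    return res.status(401).json({ error: 'Invalid token' });
  }

  // Database failures are reported as 500, not disguised as a bad token.
  try {
    const user = db.query(
      'SELECT id, username, email, storage_used, storage_limit FROM users WHERE id = ?',
      [decoded.userId]
    );
    if (user.length === 0) {
      return res.status(404).json({ error: 'User not found' });
    }

    res.json({ user: user[0] });
  } catch (error) {
    sendServerError(res, 'me', error);
  }
});

module.exports = router;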