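'use strict';

const fs = require('fs');
const path = require('path');
const bodyParser = require('body-parser');
const jsonServer = require('json-server');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcrypt');
const scanPhoto = require('./scanphoto.js');

// JWT signing key: taken from the environment when set; the literal fallback is
// the original hard-coded development value and is only meant for local use.
const SECRET_KEY = process.env.JWT_SECRET || '123456789';
const expiresIn = '1h';

// Data/file paths are resolved against the process working directory, exactly
// as the original script did (only the static mount below is __dirname-based).
const DB_FILE = 'api_v1/db.json';
const INITIAL_DB_FILE = 'api_v1/initialDB.json';
const USERS_FILE = './api_v1/users.json';
const PUBLIC_DIR = path.resolve('public');

const server = jsonServer.create();

// Serve static files from ../public relative to this file.
server.use(jsonServer.defaults({ static: path.join(__dirname, '../public') }));

/**
 * Copies the seed database (initialDB.json) over the working database file.
 * @returns {string} the seed JSON text that was written
 */
function seedDatabaseFile() {
  const initialData = fs.readFileSync(INITIAL_DB_FILE, 'utf8');
  fs.writeFileSync(DB_FILE, initialData);
  return initialData;
}

// Router: create the working DB from the seed on first start.
if (!fs.existsSync(DB_FILE)) {
  seedDatabaseFile();
}
const router = jsonServer.router(DB_FILE);

/**
 * Resets the json-server state to the seed database, both on disk and in the
 * router's in-memory lowdb state (the three former copies of this code are
 * folded into one place).
 */
function resetDatabase() {
  const initialData = seedDatabaseFile();
  router.db.setState(JSON.parse(initialData));
  console.log('DB resettato');
}

// Users DB: each entry carries an email and a bcrypt password hash.
const userdb = JSON.parse(fs.readFileSync(USERS_FILE, 'UTF-8'));

server.use(bodyParser.urlencoded({ extended: true }));
server.use(bodyParser.json());

/**
 * Signs a JWT for the given payload with SECRET_KEY, valid for `expiresIn`.
 * @param {object} payload - claims to embed; a JWT payload is only
 *   base64url-encoded, not encrypted, so never put a password or other secret in it
 * @returns {string} signed token
 */
function createToken(payload) {
  return jwt.sign(payload, SECRET_KEY, { expiresIn });
}

/**
 * Verifies a JWT's signature and expiry.
 * Deliberately uses the synchronous form: with a callback, jwt.verify hands
 * the error to the callback and never throws, so a caller relying on an
 * exception (the auth middleware below) would accept every token.
 * @param {string} token
 * @returns {object|string} decoded payload
 * @throws {Error} jsonwebtoken's JsonWebTokenError / TokenExpiredError when invalid or expired
 */
function verifyToken(token) {
  return jwt.verify(token, SECRET_KEY);
}

/**
 * Checks credentials against the users DB.
 * @param {{email?: string, password?: string}} credentials
 * @returns {boolean} true when a user with that email exists and the bcrypt hash matches
 */
function isAuthenticated({ email, password }) {
  // bcrypt.compareSync throws on a non-string password; a missing field is
  // simply a failed login, not a 500.
  if (typeof email !== 'string' || typeof password !== 'string') {
    return false;
  }
  return userdb.users.some(
    (user) => user.email === email && bcrypt.compareSync(password, user.password)
  );
}

// Home → public/index.html
server.get('/', (req, res) => {
  res.sendFile(path.resolve('public/index.html'));
});

// Scan photos: reset the DB, then rescan the originals folder.
// NOTE: registered before the auth middleware, so it is reachable without a
// token and mutates state on a GET, as in the original.
server.get('/scan', async (req, res) => {
  try {
    resetDatabase();
    await scanPhoto('./public/photos/original');
  } catch (err) {
    // Express 4 does not catch rejections from async handlers; without this
    // the request would hang and the error surface as an unhandled rejection.
    console.error('scan failed', err);
    return res.status(500).json({ status: 500, message: 'Scan failed' });
  }
  console.log('Ricaricato');
  res.send({ status: 'Ricaricato' });
});

// Serve files: only paths inside public/ are served.
server.get('/files', (req, res) => {
  const requested = req.query.file;
  if (typeof requested !== 'string' || requested === '') {
    return res.status(400).json({ status: 400, message: 'Missing file parameter' });
  }
  const resolved = path.resolve(PUBLIC_DIR, requested);
  // The resolved path must stay under PUBLIC_DIR: this rejects '..' segments
  // and absolute paths, which the former "public/" + file concatenation did not.
  if (!resolved.startsWith(PUBLIC_DIR + path.sep)) {
    return res.status(400).json({ status: 400, message: 'Invalid file path' });
  }
  res.sendFile(resolved);
});

// Reset DB to the seed.
// NOTE: registered before the auth middleware, so it is reachable without a
// token and mutates state on a GET, as in the original.
server.get('/initDB', (req, res) => {
  resetDatabase();
  res.send({ status: 'DB resettato' });
});

// Login
server.post('/auth/login', (req, res) => {
  const { email, password } = req.body;
  if (!isAuthenticated({ email, password })) {
    return res.status(401).json({ status: 401, message: 'Incorrect email or password' });
  }
  // Only the email goes into the token; the payload is readable by anyone
  // holding the token, so the password must not be embedded.
  const token = createToken({ email });
  res.status(200).json({ token });
});

// Auth middleware: every route except /auth/* needs a valid Bearer token.
server.use(/^(?!\/auth).*$/, (req, res, next) => {
  const header = req.headers.authorization || '';
  const [scheme, token] = header.split(' ');
  if (scheme !== 'Bearer' || !token) {
    return res.status(401).json({ status: 401, message: 'Bad authorization header' });
  }
  try {
    verifyToken(token); // throws when the signature is wrong or the token expired
  } catch (err) {
    return res.status(401).json({ status: 401, message: 'Error: access_token is not valid' });
  }
  // next() sits outside the try so that errors thrown by downstream handlers
  // are not reported as a bad token.
  next();
});

// Mount router
server.use(router);

// Start server on 4000
server.listen(4000, () => {
  console.log('Auth API server running on port 4000 ...');
});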