import express from "express";
import cookieParser from "cookie-parser";
import bcrypt from "bcrypt";
import fs from "fs";
import crypto from "crypto";

const USERS = JSON.parse(fs.readFileSync("./users.json"));
const SESSIONS = {};   // in-memory session store

const app = express();
app.use(express.json());
app.use(cookieParser());

app.post("/api/login", async (req,res)=>{
    const { user, pass } = req.body;
    
    console.log(`Auth-Service login attempt for ${user}`);

    const hash = USERS[user];
    if(!hash) return res.status(401).send({ ok:false });

    const valid = await bcrypt.compare(pass, hash);
    if(!valid) return res.status(401).send({ ok:false });

    // create secure random session
    const sessionID = crypto.randomBytes(32).toString("hex");
    SESSIONS[sessionID] = {
        user,
        created: Date.now()
    };

    res.cookie("SESSIONID", sessionID, {
        httpOnly: true,
        secure: true,
        domain: ".server.schooltech.ch",
        sameSite: "None",
        path: "/"
    });

    res.status(200).send({ ok:true });
});

// Logout endpoint
app.post("/api/logout", (req, res) => {
    const sid = req.cookies.SESSIONID;
    if (sid && SESSIONS[sid]) {
        delete SESSIONS[sid];
    }
    // Cookie löschen
    res.clearCookie("SESSIONID", {
        httpOnly: true,
        secure: true,
        domain: ".server.schooltech.ch",
        sameSite: "None",
        path: "/"
    });
    return res.status(200).send({ ok: true });
});

// Event logging endpoint for frontend button presses
app.post('/api/event', (req,res)=>{
    const svc = req.body.service || req.body.action || 'unknown';
    const user = req.cookies.SESSIONID || 'anonymous';

    console.log(`Event: user=${user} service=${svc} payload=${JSON.stringify(req.body)}`);
    res.status(200).send({ ok:true });
});

// Optional für Nginx auth_request
app.get("/internal/auth", (req,res)=>{
    const sid = req.cookies.SESSIONID;
    if (sid && SESSIONS[sid]) {
        return res.sendStatus(200);
    }
    return res.sendStatus(401);
});

// Status endpoint (unter /api so dass Nginx /api/ auf appserverauth proxyt)
app.get("/api/status", (req, res) => {
    const sid = req.cookies.SESSIONID;
    if (sid && SESSIONS[sid]) {
        return res.status(200).send({ ok: true, user: SESSIONS[sid].user });
    }
    return res.status(401).send({ ok: false });
});

app.listen(3000, ()=>console.log("Auth-Service läuft auf 3000"));