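import express from "express";
import cookieParser from "cookie-parser";
import bcrypt from "bcrypt";
import fs from "fs";
import crypto from "crypto";

// Credential store loaded once at startup; expected shape is
// { "<username>": "<bcrypt hash>" } (only the value type is checked below).
const USERS = JSON.parse(fs.readFileSync("./users.json"));

// In-memory session store: sessionID -> { user, created }.
// Lost on restart. `created` is recorded but no expiry is enforced anywhere
// in this file, so a session stays valid until the process exits.
const SESSIONS = {};

const app = express();
app.use(express.json());
app.use(cookieParser());

/**
 * Resolve a raw SESSIONID cookie value to its session record.
 *
 * Only own properties of SESSIONS count: a client-chosen cookie value such
 * as "constructor" or "__proto__" must not match something inherited from
 * Object.prototype and be mistaken for a live session.
 *
 * @param {unknown} sessionID - cookie value, possibly absent or non-string
 * @returns {{user: string, created: number} | null} the session, or null
 */
function lookupSession(sessionID) {
  if (typeof sessionID !== "string" || sessionID === "") return null;
  if (!Object.prototype.hasOwnProperty.call(SESSIONS, sessionID)) return null;
  return SESSIONS[sessionID];
}

/**
 * Look up the stored bcrypt hash for a username.
 *
 * Uses an own-property check for the same reason as lookupSession: a
 * username like "constructor" would otherwise resolve to a function from
 * Object.prototype, pass the truthiness check and be handed to bcrypt.
 *
 * @param {string} user
 * @returns {string | undefined} the hash, or undefined when unknown
 */
function lookupHash(user) {
  if (!Object.prototype.hasOwnProperty.call(USERS, user)) return undefined;
  const hash = USERS[user];
  return typeof hash === "string" ? hash : undefined;
}

// Login: verifies { user, pass } against USERS and issues a session cookie.
// Every failure path answers 401 { ok:false } so the response does not reveal
// whether the username or the password was wrong.
app.post("/api/login", async (req, res) => {
  const { user, pass } = req.body;
  // Reject non-string credentials up front: a non-string `user` would be
  // coerced into a property key, and a non-string `pass` makes
  // bcrypt.compare throw, which Express 4 would leave as an unhandled
  // rejection with the request hanging.
  if (typeof user !== "string" || typeof pass !== "string") {
    return res.status(401).send({ ok: false });
  }
  // JSON.stringify keeps a username containing newlines from forging extra
  // log lines.
  console.log(`Auth-Service login attempt for ${JSON.stringify(user)}`);
  const hash = lookupHash(user);
  if (!hash) return res.status(401).send({ ok: false });
  let valid;
  try {
    valid = await bcrypt.compare(pass, hash);
  } catch (err) {
    // A malformed stored hash is a server-side problem, not a client error.
    console.error("Auth-Service bcrypt.compare failed", err);
    return res.status(500).send({ ok: false });
  }
  if (!valid) return res.status(401).send({ ok: false });
  // 256 bits from the CSPRNG; the hex string is the only session credential.
  const sessionID = crypto.randomBytes(32).toString("hex");
  SESSIONS[sessionID] = { user, created: Date.now() };
  // sameSite "None" means cross-site requests will carry this cookie, so any
  // state-changing endpoint behind it needs its own CSRF protection; the
  // domain is shared across subdomains by design (see Nginx auth_request).
  res.cookie("SESSIONID", sessionID, {
    httpOnly: true,
    secure: true,
    domain: ".server.schooltech.ch",
    sameSite: "None",
    path: "/",
  });
  res.status(200).send({ ok: true });
});

// Event logging endpoint for frontend button presses.
// Logs the *username* of the session, never the raw cookie value: the
// session ID is a bearer credential and must not end up in log files.
app.post('/api/event', (req, res) => {
  const svc = req.body.service || req.body.action || 'unknown';
  const session = lookupSession(req.cookies.SESSIONID);
  const user = session ? session.user : 'anonymous';
  console.log(`Event: user=${user} service=${svc} payload=${JSON.stringify(req.body)}`);
  res.status(200).send({ ok: true });
});

// Optional, for Nginx auth_request: 200 when the cookie names a live session.
// The cookie merely existing is not proof of login, so the value is checked
// against SESSIONS rather than only for presence.
app.get("/internal/auth", (req, res) => {
  if (lookupSession(req.cookies.SESSIONID)) return res.sendStatus(200);
  return res.sendStatus(401);
});

app.listen(3000, () => console.log("Auth-Service läuft auf 3000"));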