// auth-server/index.js
const path = require('path');
require('dotenv').config({ path: path.join(__dirname, '.env') });
const express = require('express');
const cors = require('cors');
const cookieParser = require('cookie-parser');
const jwt = require('jsonwebtoken');

// Debug environment variables
console.log('Environment variables loaded from:', path.join(__dirname, '.env'));
console.log('Current directory:', __dirname);
console.log('Available env vars:', Object.keys(process.env));

const app = express();
const PORT = process.env.PORT || 3003;
const JWT_SECRET = process.env.JWT_SECRET;
const DASHBOARD_PASSWORD = process.env.DASHBOARD_PASSWORD;

// Validate required environment variables
if (!JWT_SECRET || !DASHBOARD_PASSWORD) {
  console.error('Missing required environment variables:');
  if (!JWT_SECRET) console.error('- JWT_SECRET');
  if (!DASHBOARD_PASSWORD) console.error('- DASHBOARD_PASSWORD');
  process.exit(1);
}

// Middleware
app.use(express.json());
app.use(cookieParser());

// Configure CORS
const corsOptions = {
  origin: function(origin, callback) {
    const allowedOrigins = [
      'http://localhost:3000',
      'https://dashboard.kent.pw'
    ];
    
    console.log('CORS check for origin:', origin);
    
    // Check if origin is allowed
    if (!origin || allowedOrigins.indexOf(origin) !== -1) {
      callback(null, true);
    } else {
      callback(new Error('Not allowed by CORS'));
    }
  },
  credentials: true,
  methods: ['GET', 'POST', 'OPTIONS'],
  allowedHeaders: ['Content-Type', 'Authorization', 'Cookie', 'Accept'],
  exposedHeaders: ['Set-Cookie']
};

app.use(cors(corsOptions));
app.options('*', cors(corsOptions));

// Debug logging
app.use((req, res, next) => {
  console.log(`${new Date().toISOString()} ${req.method} ${req.url}`);
  console.log('Headers:', req.headers);
  console.log('Cookies:', req.cookies);
  next();
});

// Health check endpoint
app.get('/health', (req, res) => {
  res.json({ 
    status: 'ok',
    timestamp: new Date().toISOString()
  });
});

// Auth endpoints
app.post('/login', (req, res) => {
  console.log('Login attempt received');
  console.log('Request body:', req.body);
  console.log('Origin:', req.headers.origin);
  
  const { password } = req.body;
  
  if (!password) {
    console.log('No password provided');
    return res.status(400).json({
      success: false,
      message: 'Password is required'
    });
  }

  console.log('Comparing passwords...');
  console.log('Provided password length:', password.length);
  console.log('Expected password length:', DASHBOARD_PASSWORD.length);
  
  if (password === DASHBOARD_PASSWORD) {
    console.log('Password matched');
    const token = jwt.sign({ authorized: true }, JWT_SECRET, {
      expiresIn: '24h'
    });

    // Determine if request is from localhost
    const isLocalhost = req.headers.origin?.includes('localhost');
    
    const cookieOptions = {
      httpOnly: true,
      secure: !isLocalhost,
      sameSite: isLocalhost ? 'lax' : 'none',
      path: '/',
      maxAge: 24 * 60 * 60 * 1000 // 24 hours
    };

    // Add domain only for production
    if (!isLocalhost) {
      cookieOptions.domain = '.kent.pw';
    }

    console.log('Setting cookie with options:', cookieOptions);
    res.cookie('token', token, cookieOptions);
    
    console.log('Response headers:', res.getHeaders());
    res.json({ 
      success: true,
      debug: { 
        origin: req.headers.origin,
        cookieOptions 
      }
    });
  } else {
    console.log('Password mismatch');
    res.status(401).json({
      success: false,
      message: 'Invalid password'
    });
  }
});

// Modify the check endpoint to log more info
app.get('/check', (req, res) => {
  console.log('Auth check received');
  console.log('All cookies:', req.cookies);
  console.log('Headers:', req.headers);
  
  const token = req.cookies.token;
  
  if (!token) {
    console.log('No token found in cookies');
    return res.status(401).json({ 
      authenticated: false,
      error: 'no_token' 
    });
  }

  try {
    const decoded = jwt.verify(token, JWT_SECRET);
    console.log('Token verified successfully:', decoded);
    res.json({ authenticated: true });
  } catch (err) {
    console.log('Token verification failed:', err.message);
    res.status(401).json({ 
      authenticated: false,
      error: 'invalid_token',
      message: err.message
    });
  }
});

app.post('/logout', (req, res) => {
  const isLocalhost = req.headers.origin?.includes('localhost');
  const cookieOptions = {
    httpOnly: true,
    secure: !isLocalhost,
    sameSite: isLocalhost ? 'lax' : 'none',
    path: '/',
    domain: isLocalhost ? undefined : '.kent.pw'
  };
  
  console.log('Clearing cookie with options:', cookieOptions);
  res.clearCookie('token', cookieOptions);
  res.json({ success: true });
});

// Error handling middleware
app.use((err, req, res, next) => {
  console.error('Server error:', err);
  res.status(500).json({ 
    success: false, 
    message: 'Internal server error',
    error: err.message 
  });
});

// Start server
app.listen(PORT, () => {
  console.log(`Auth server running on port ${PORT}`);
  console.log('Environment:', process.env.NODE_ENV);
  console.log('CORS origins:', corsOptions.origin);
  console.log('JWT_SECRET length:', JWT_SECRET?.length);
  console.log('DASHBOARD_PASSWORD length:', DASHBOARD_PASSWORD?.length);
});