require('dotenv').config(); // โหลดค่าตัวแปรจากไฟล์ .env

const express = require('express');
const mysql = require('mysql2/promise');
const bcrypt = require('bcryptjs');
const session = require('express-session');
const cookieParser = require('cookie-parser');
const path = require('path');


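const app = express();

// Body and cookie parsing. Request bodies are untrusted input; each route
// handler below validates the fields it reads before using them.
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use(cookieParser());

// Session configuration.
// The cookie-signing secret must come from the environment. A fixed fallback
// written in source would let anyone who can read the file forge session
// cookies, so the server refuses to start without one instead of silently
// falling back to a guessable value.
const sessionSecret = process.env.DB_SESSION;
if (!sessionSecret) {
    throw new Error('DB_SESSION must be set: it is the session signing secret');
}
app.use(session({
    secret: sessionSecret,
    resave: false,
    // Only persist a session once something has been stored in it (after
    // login); this avoids issuing a session cookie to every anonymous visit.
    saveUninitialized: false,
    cookie: {
        // NOTE(review): `secure` only works over HTTPS; if TLS is terminated by a
        // proxy in front of this app, `app.set('trust proxy', 1)` is also needed.
        secure: process.env.NODE_ENV === 'production',
        httpOnly: true,
        // Not sent on cross-site POSTs, which limits CSRF against the API routes.
        sameSite: 'lax',
        maxAge: 1000 * 60 * 60 * 24 // 24 hours
    }
}));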

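// Database configuration.
// The password is read from the environment only: a literal fallback password
// in source is a committed credential. When DB_PASSWORD is unset the startup
// connection check below fails and the process exits, which is the intended
// fail-closed behaviour.
const pool = mysql.createPool({
    host: process.env.DB_HOST || "10.104.20.74",
    // DB_PORT arrives as a string; NaN (unset or non-numeric) falls back to 3306.
    port: Number(process.env.DB_PORT) || 3306,
    user: process.env.DB_USER || "root",
    password: process.env.DB_PASSWORD,
    database: process.env.DB_NAME || "project",
    waitForConnections: true,
    connectionLimit: 10,
    queueLimit: 0
});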

// Startup connectivity check: take one connection from the pool and release
// it immediately. A failure here is fatal — exit rather than accept requests
// with no working database.
(async () => {
    try {
        const conn = await pool.getConnection();
        console.log('✅ Database connected successfully!');
        conn.release();
    } catch (err) {
        console.error('❌ Database connection failed:', err);
        process.exit(1); // stop the program if the connection cannot be made
    }
})();

// Static assets are served straight from ./public; no session check applies
// to anything under that directory.
const publicDir = path.join(__dirname, 'public');
app.use(express.static(publicDir));

// Home page: requires a logged-in session; anonymous visitors are sent to /login.
app.get('/', (req, res) => {
    const sessionUser = req.session.user;
    if (!sessionUser) {
        return res.redirect('/login');
    }
    // Kept from the original: res.locals is normally consumed by a template
    // engine, and sendFile serves a static file, so this assignment is not
    // read on this path — presumably intended for a later templated page.
    res.locals.user = sessionUser;
    res.sendFile(path.join(__dirname, 'public', 'index.html'));
});

// Plain HTML pages for login, registration and product posting. These are
// served without any session check; the API routes enforce authentication.
for (const [route, file] of [
    ['/login', 'login.html'],
    ['/register', 'register.html'],
    ['/post-product', 'post-product.html'],
]) {
    app.get(route, (req, res) => res.sendFile(path.join(__dirname, 'public', file)));
}

// Logout: destroy the server-side session, then send the browser to /login.
app.get('/logout', (req, res) => {
    req.session.destroy((destroyErr) => {
        if (!destroyErr) {
            return res.redirect('/login');
        }
        console.error('Logout error:', destroyErr);
        res.status(500).send('Logout failed');
    });
});

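// User registration.
// Expects `email` and `password` in the body. Both must be non-empty plain
// strings: express.json() accepts arbitrary JSON, so without the type check a
// non-string value (object, array, number) would reach the query placeholder
// and bcrypt.hash as something other than a scalar.
// Responds 400 on bad input or a duplicate email, 500 on a database error,
// and redirects to /login on success.
app.post('/register', async (req, res) => {
    const { email, password } = req.body;
    if (typeof email !== 'string' || typeof password !== 'string'
        || email.length === 0 || password.length === 0) {
        return res.status(400).json({ error: 'All fields are required' });
    }

    try {
        // Existence check only; there is no reason to read the stored hash here.
        // NOTE(review): this check-then-insert is not atomic — a UNIQUE index on
        // users.email is what actually guarantees no duplicates; confirm the schema.
        const [existingUser] = await pool.query('SELECT user_id FROM users WHERE email = ?', [email]);
        if (existingUser.length > 0) {
            return res.status(400).json({ error: 'Email already exists' });
        }

        const hashedPassword = await bcrypt.hash(password, 10);
        await pool.query('INSERT INTO users (email, password) VALUES (?, ?)', [email, hashedPassword]);

        res.redirect('/login');
    } catch (error) {
        // Log the real error server-side; the client gets a generic message only.
        console.error('❌ Registration failed:', error);
        res.status(500).json({ error: 'Registration failed' });
    }
});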

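// User login.
// Fixes relative to the original: the connection was released manually and so
// leaked whenever the query threw (pool.query manages the connection itself);
// "User not found" and "Invalid password" were distinguishable, which let the
// form be used to discover registered emails; and the session id was kept
// across authentication, so an id known before login stayed valid after it.
app.post('/login', async (req, res) => {
    const { email, password } = req.body;
    // Same scalar check as /register; bcrypt.compare also throws on non-strings.
    if (typeof email !== 'string' || typeof password !== 'string') {
        return res.status(400).send('Invalid email or password');
    }

    try {
        const [rows] = await pool.query(
            'SELECT user_id, email, password FROM users WHERE email = ?',
            [email]
        );

        const user = rows[0];
        const match = user ? await bcrypt.compare(password, user.password) : false;
        if (!match) {
            // One message for both "unknown email" and "wrong password".
            return res.status(400).send('Invalid email or password');
        }

        // Issue a fresh session id at the moment of authentication.
        req.session.regenerate((regenErr) => {
            if (regenErr) {
                console.error('Login error:', regenErr);
                return res.status(500).send('Login failed');
            }
            req.session.user = { id: user.user_id, email: user.email };
            res.redirect('/');
        });
    } catch (err) {
        console.error('Login error:', err);
        res.status(500).send('Login failed');
    }
});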

// Return the logged-in user's email as JSON, or 401 when there is no session user.
app.get('/api/getUser', (req, res) => {
    const sessionUser = req.session.user;
    if (!sessionUser) {
        return res.status(401).send('User not logged in');
    }
    res.json({ email: sessionUser.email }); // email is taken from the session, not the request
});

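// Fetch the products owned by the logged-in user.
// `pool` is a mysql2/promise pool: its query() returns a promise and does not
// invoke a trailing callback, so the original callback never ran and the
// request was left without a response. The promise is awaited instead, and a
// query failure is logged and answered with a 500.
app.get('/api/user/products', async (req, res) => {
    if (!req.session.user) {
        return res.status(401).send('User not logged in');
    }

    // Ownership is taken from the session, never from the request.
    const userId = req.session.user.id;
    try {
        const [results] = await pool.query('SELECT * FROM products WHERE user_id = ?', [userId]);
        res.json(results);
    } catch (err) {
        console.error('Error fetching user products:', err);
        res.status(500).send('Error fetching user products');
    }
});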

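// Fetch all products (public, no session required).
// Same defect as /api/user/products: a callback passed to the promise pool's
// query() is never called, so the original never responded. Await the promise
// and answer 500 on failure.
app.get('/api/products', async (req, res) => {
    try {
        const [results] = await pool.query('SELECT * FROM products');
        res.json(results);
    } catch (err) {
        console.error('Error fetching products:', err);
        res.status(500).send('Error fetching products');
    }
});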

// Start the HTTP server on PORT from the environment, or 3000 when unset.
const port = process.env.PORT || 3000;
app.listen(port, () => console.log(`🚀 Server started on port ${port}`));