const express = require("express");
const { MongoClient, ObjectId } = require("mongodb");
const cors = require("cors");
const bcrypt = require("bcryptjs");
const jwt = require("jsonwebtoken");


const app = express();
app.use(express.json());
app.use(cors());

const url = "mongodb://localhost:27017";
const client = new MongoClient(url);

let users;

async function connectDB() {
  await client.connect();
  const db = client.db("kamludb");
  users = db.collection("users");
  console.log("MongoDB Connected");
}

connectDB();







function verifyToken(req, res, next) {
  const authHeader = req.headers.authorization;

  if (!authHeader) {
    return res.status(401).send({ message: "Token missing" });
  }

  const token = authHeader.split(" ")[1];

  jwt.verify(token, SECRET, (err, decoded) => {
    if (err) {
      return res.status(403).send({ message: "Invalid token" });
    }

    req.user = decoded;
    next();
  });
}


app.get("/users", verifyToken ,async (req, res) => {
  const data = await users.find().toArray();
  res.send(data);
});




app.post("/signup", async (req, res) => {
  const { email, password } = req.body;

  // check already exists
  const oldUser = await users.findOne({ email });
  if (oldUser) {
    return res.status(400).send({ message: "User already exists" });
  }

  // password hash
  const hashedPassword = await bcrypt.hash(password, 10);

  // save user
  await users.insertOne({
    email,
    password: hashedPassword
  });

  res.send({ message: "Signup successful" });
});




const SECRET = "mysecretkey"; // later .env me

app.post("/login", async (req, res) => {
  const { email, password } = req.body;

  // user check
  const user = await users.findOne({ email });

  if (!user) {
    return res.status(400).send({ message: "User not found" });
  }

  // password check
  const isMatch = await bcrypt.compare(password, user.password);

  if (!isMatch) {
    return res.status(400).send({ message: "Invalid password" });
  }

  // token create
  const token = jwt.sign(
    { id: user._id, email: user.email },
    SECRET,
    { expiresIn: "1d" }
  );

  res.send({
    message: "Login success",
    token: token
  });
});












app.listen(3000, () => {
  console.log("Server running on port 3000");
});