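const express = require("express");
const jwt = require("jsonwebtoken");
const { User } = require("../models");
const { authenticate } = require("../middleware/auth");

const router = express.Router();

/**
 * POST /login
 *
 * Exchanges a username/password pair for a signed JWT that expires after one hour.
 *
 * Responses:
 *   200 - { token, user: { id, username, role } }
 *   400 - { message: "Invalid credentials" } for a missing, malformed, or wrong pair
 *   500 - { message: "Server error" } for any unexpected failure
 *
 * NOTE(review): no throttling or lockout is applied in this file; confirm that
 * login attempts are rate limited upstream (reverse proxy or app-level middleware).
 */
router.post("/login", async (req, res) => {
  try {
    // req.body is undefined when no body parser ran; treat that as empty input
    // instead of letting the destructuring throw and surface as a 500.
    const { username, password } = req.body || {};

    // Only non-empty strings are accepted. A JSON body can carry objects or
    // arrays here, and those must never reach the ORM `where` clause or the
    // password comparison. The reply matches the wrong-credentials case so the
    // endpoint does not reveal which check failed.
    const isUsable = (value) => typeof value === "string" && value.length > 0;
    if (!isUsable(username) || !isUsable(password)) {
      return res.status(400).json({ message: "Invalid credentials" });
    }

    const user = await User.findOne({ where: { username } });

    // NOTE(review): checkPassword only runs when the user exists, so response
    // time can differ between "unknown user" and "wrong password". Consider a
    // constant-cost comparison against a dummy hash if enumeration matters.
    if (!user || !(await user.checkPassword(password))) {
      return res.status(400).json({ message: "Invalid credentials" });
    }

    // The role claim is embedded in the token, so a role change only takes
    // effect for this session once the token expires (1h).
    // NOTE(review): confirm the `authenticate` middleware pins the accepted
    // algorithm(s) when verifying, and that JWT_SECRET is a strong random
    // value set in every environment.
    const token = jwt.sign(
      { id: user.id, role: user.role },
      process.env.JWT_SECRET,
      { expiresIn: "1h" }
    );

    res.json({
      token,
      user: { id: user.id, username: user.username, role: user.role },
    });
  } catch (error) {
    // Keep the client-facing message generic, but record the failure server-side
    // so operators can see database or signing errors. The request body (and
    // therefore the password) is deliberately not logged.
    console.error("Login request failed:", error);
    res.status(500).json({ message: "Server error" });
  }
});

/**
 * GET /me
 *
 * Returns the id, username and role of the caller. The `authenticate`
 * middleware runs first; it is presumably what populates `req.user`
 * (defined in ../middleware/auth, not visible here - verify).
 */
router.get("/me", authenticate, async (req, res) => {
  res.json({
    user: { id: req.user.id, username: req.user.username, role: req.user.role },
  });
});

module.exports = router;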