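const express = require('express');
const bodyParser = require('body-parser');
const cors = require('cors');
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');

const app = express();
const PORT = 5000;

// The signing key is taken from the JWT_SECRET environment variable when it is
// set. The literal fallback is the sample's placeholder: anyone who knows it can
// mint tokens this server accepts, so replace it before any real deployment.
const SECRET_KEY = process.env.JWT_SECRET || 'your_jwt_secret';

// One HMAC algorithm is used for signing and is the only one accepted on
// verification, so a token's own header cannot select a different one.
const JWT_ALGORITHM = 'HS256';

// Middleware
app.use(bodyParser.json());
// cors() with no options allows every origin; restrict it if this API is only
// meant to be called from a known front end.
app.use(cors());

// Dummy user data (demo only: a real service keeps accounts in a datastore).
const users = [
  {
    id: 1,
    username: 'admin',
    password: '$2a$10$0chEQ/BjpmW2W9J1aA/BNOwF0aeFSBg4IAXnPjjLzSnQmXagdIzra', // hashed password for 'password123'
  },
];

/**
 * Express middleware that requires a valid JWT in the Authorization header.
 *
 * The token is the second space-separated field of the header value
 * ("Bearer <token>"). On success the decoded payload is stored on `req.user`
 * and the next handler runs; otherwise the request ends with 403 Forbidden.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
const authenticateJWT = (req, res, next) => {
  // A request without the header must be rejected, not crash on `.split`.
  const header = req.header('Authorization');
  const token = typeof header === 'string' ? header.split(' ')[1] : undefined;

  if (!token) {
    return res.status(403).json({ message: 'Forbidden' });
  }

  jwt.verify(token, SECRET_KEY, { algorithms: [JWT_ALGORITHM] }, (err, user) => {
    if (err) {
      return res.status(403).json({ message: 'Forbidden' });
    }
    req.user = user;
    next();
  });
};

// Login route: checks the submitted credentials and returns a one-hour JWT.
app.post('/login', async (req, res) => {
  const { username, password } = req.body || {};

  // bcrypt.compare rejects on non-string input; refuse malformed bodies up front.
  if (typeof username !== 'string' || typeof password !== 'string') {
    return res.status(400).json({ message: 'Username and password are required' });
  }

  // Passwords and issued tokens are never written to the log. The username is
  // JSON-encoded so control characters cannot forge extra log lines.
  console.log('Login attempt:', JSON.stringify(username));

  try {
    const user = users.find((candidate) => candidate.username === username);
    if (!user) {
      // NOTE(review): this path skips the bcrypt comparison, so it answers
      // faster than a wrong password for an existing user. Consider comparing
      // against a fixed dummy hash to even out the timing.
      console.log('User not found');
      return res.status(401).json({ message: 'Invalid credentials' });
    }

    const isPasswordValid = await bcrypt.compare(password, user.password);
    if (!isPasswordValid) {
      console.log('Invalid password');
      return res.status(401).json({ message: 'Invalid credentials' });
    }

    const token = jwt.sign({ id: user.id }, SECRET_KEY, {
      algorithm: JWT_ALGORITHM,
      expiresIn: '1h',
    });
    console.log('Token issued for user id:', user.id);
    return res.json({ token });
  } catch (err) {
    // Without this, a rejected promise in the async handler would leave the
    // request hanging; details stay in the server log, not in the response.
    console.error('Login failed:', err);
    return res.status(500).json({ message: 'Internal server error' });
  }
});

// Protected route example
// NOTE(review): authenticateJWT only proves the token is valid; nothing here
// checks that req.user is allowed to see the admin panel. Add a role or id
// check once there is more than one account.
app.get('/admin', authenticateJWT, (req, res) => {
  res.json({ message: 'Welcome to the admin panel' });
});

app.listen(PORT, () => {
  console.log(`Server running on http://localhost:${PORT}`);
});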