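const crypto = require('crypto');
const express = require('express');
const jwt = require('jsonwebtoken');

const Settings = require('../models/Settings');
const authMiddleware = require('../middleware/auth');

const router = express.Router();

// Filter that selects the singleton settings document.
const GLOBAL_FILTER = { key: 'global' };

// Fields that must never leave the server in an API response.
const SECRET_FIELDS = ['adminPassword'];

// Fields a client may not rewrite: changing `key` would detach the singleton
// document, and `__proto__` must not be copied onto the update object.
const PROTECTED_FIELDS = ['_id', 'key', '__proto__'];

/**
 * Turn a Settings document into a response-safe plain object.
 *
 * Uses toJSON() so the shape matches what res.json(document) produced before,
 * minus the secret fields.
 *
 * @param {object|null} settings - Settings document (or plain object).
 * @returns {object|null} Copy without SECRET_FIELDS, or null if none given.
 */
function toPublicSettings(settings) {
  if (!settings) {
    return null;
  }
  const plain =
    typeof settings.toJSON === 'function' ? settings.toJSON() : { ...settings };
  for (const field of SECRET_FIELDS) {
    delete plain[field];
  }
  return plain;
}

/**
 * Build the update document from a request body.
 *
 * Top-level keys starting with `$` are update operators, not settings fields,
 * so a body containing one is rejected. Protected fields are silently dropped
 * so a client can PUT back an object it previously fetched.
 *
 * @param {unknown} body - Parsed request body.
 * @returns {object|null} Field/value pairs to apply, or null if invalid.
 */
function buildSettingsUpdate(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return null;
  }
  const update = {};
  for (const [field, value] of Object.entries(body)) {
    if (field.startsWith('$')) {
      return null;
    }
    if (PROTECTED_FIELDS.includes(field)) {
      continue;
    }
    update[field] = value;
  }
  return update;
}

/**
 * Compare two strings without leaking the position of the first mismatch.
 *
 * Both inputs are hashed first so timingSafeEqual always receives buffers of
 * equal length.
 *
 * @param {string} a
 * @param {string} b
 * @returns {boolean} True when the strings are identical.
 */
function safeEqual(a, b) {
  const digestA = crypto.createHash('sha256').update(a, 'utf8').digest();
  const digestB = crypto.createHash('sha256').update(b, 'utf8').digest();
  return crypto.timingSafeEqual(digestA, digestB);
}

/**
 * Resolve the JWT signing secret.
 *
 * The hard-coded fallback is public knowledge, so it is refused when
 * NODE_ENV is "production".
 * NOTE(review): the auth middleware is not visible here; it presumably
 * verifies tokens with the same secret and should apply the same rule.
 *
 * @returns {string|null} The secret, or null when none may be used.
 */
function resolveJwtSecret() {
  if (process.env.JWT_SECRET) {
    return process.env.JWT_SECRET;
  }
  if (process.env.NODE_ENV === 'production') {
    return null;
  }
  return 'fallback_secret_for_dev_only';
}

// GET settings
// This route has no auth middleware, so the stored admin password is removed
// from the response before it is sent.
router.get('/', async (req, res) => {
  try {
    let settings = await Settings.findOne(GLOBAL_FILTER);
    if (!settings) {
      settings = await Settings.create({ key: 'global' });
    }
    res.json(toPublicSettings(settings));
  } catch (err) {
    res.status(500).json({ error: err.message });
  }
});

// PUT update settings (admin)
router.put('/', authMiddleware, async (req, res) => {
  try {
    const update = buildSettingsUpdate(req.body);
    if (!update) {
      return res.status(400).json({ error: 'Invalid settings payload' });
    }
    const settings = await Settings.findOneAndUpdate(GLOBAL_FILTER, update, {
      new: true,
      upsert: true,
    });
    res.json(toPublicSettings(settings));
  } catch (err) {
    res.status(400).json({ error: err.message });
  }
});

// POST admin login
// NOTE(review): the password is stored and compared as plaintext, and the
// default below applies when no settings document exists yet. Moving to a
// salted password hash needs a schema change outside this file. No rate
// limiting is visible on this route either.
router.post('/admin-login', async (req, res) => {
  try {
    const supplied = req.body ? req.body.password : undefined;
    const settings = await Settings.findOne(GLOBAL_FILTER);
    const adminPass = settings ? settings.adminPassword : 'admin';

    // Require real, non-empty strings on both sides. Without this, a
    // settings document with no adminPassword and a request with no
    // password would compare undefined === undefined and log the caller in.
    const isValid =
      typeof supplied === 'string' &&
      supplied.length > 0 &&
      typeof adminPass === 'string' &&
      adminPass.length > 0 &&
      safeEqual(supplied, adminPass);

    if (!isValid) {
      return res
        .status(401)
        .json({ success: false, message: 'Parol noto\'g\'ri' });
    }

    const secret = resolveJwtSecret();
    if (!secret) {
      return res.status(500).json({ error: 'JWT secret is not configured' });
    }

    // Issuing JWT token
    const token = jwt.sign(
      { role: 'admin' },
      secret,
      { expiresIn: '7d' } // Token expires in 7 days
    );
    res.json({ success: true, token });
  } catch (err) {
    res.status(500).json({ error: err.message });
  }
});

module.exports = router;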