// src/server.js
require('dotenv').config();
const express = require('express');
const mongoose = require('mongoose');
const cors = require('cors');
const helmet = require('helmet');
const morgan = require('morgan'); // Logger

// Import Routes 
const authRoutes = require('./routes/auth.routes'); 
const { optionalAuth } = require('./middlewares/auth.middleware');
const reviewRoutes = require('./routes/review.routes');
const mediaRoutes = require('./routes/media.routes');

const app = express();
const PORT = process.env.PORT || 7860; // HF Spaces defaults to 7860

// 1. Middlewares (Brutale Security Stack)
app.use(express.json());
app.use(cors()); // Allow all for now, restrict to brutale.fun in production
app.use(helmet()); // Secure HTTP headers
app.use(morgan('tiny')); // Minimal logging

// 2. Database Connection
mongoose.connect(process.env.MONGO_URI)
  .then(() => console.log('⚡ Brutale DB Connected'))
  .catch(err => console.error('❌ DB Error:', err));

// 3. Health Check (Crucial for UptimeRobot)
app.get('/ping', (req, res) => res.status(200).send('PONG'));

// 4. API Routes
app.use('/api/v1/auth', authRoutes);
app.use('/api/v1/movies', mediaRoutes);
app.use('/api/v1/reviews', optionalAuth, reviewRoutes);

app.listen(PORT, () => {
  console.log(`🚀 Brutale Server running on port ${PORT}`);
});