package main

import (
	"log"
	"net/http"
	"os"

	"reservation-system/backend/internal/api"
	"reservation-system/backend/internal/auth"
	"reservation-system/backend/internal/db"
	"reservation-system/backend/internal/email"
	"golang.org/x/crypto/bcrypt"
)

func main() {
	// Initialize JWT
	jwtSecret := os.Getenv("JWT_SECRET")
	if jwtSecret == "" {
		jwtSecret = "your-secret-key-change-in-production"
	}
	auth.InitJWTSecret(jwtSecret)

	// Initialize database
	dbPath := os.Getenv("DB_PATH")
	if dbPath == "" {
		dbPath = "/data/reservations.db"
	}

	database, err := db.New(dbPath)
	if err != nil {
		log.Fatalf("Failed to initialize database: %v", err)
	}
	defer database.Close()

	// Create default admin user if none exists
	createDefaultUser(database)

	// Start email processor
	emailProcessor := email.NewEmailProcessor(database)
	emailProcessor.Start()
	defer emailProcessor.Stop()

	// Setup API handlers
	handler := api.NewHandler(database)
	mux := http.NewServeMux()
	handler.RegisterRoutes(mux)

	// Static files
	fs := http.FileServer(http.Dir("/app/frontend"))
	mux.Handle("/", fs)

	// Start server
	port := os.Getenv("PORT")
	if port == "" {
		port = "8080"
	}

	log.Printf("Server starting on port %s", port)
	if err := http.ListenAndServe(":"+port, corsMiddleware(mux)); err != nil {
		log.Fatalf("Server failed: %v", err)
	}
}

func createDefaultUser(database *db.DB) {
	adminUser, _ := database.GetUserByUsername("admin")
	if adminUser == nil {
		hashedPassword, _ := bcrypt.GenerateFromPassword([]byte("admin"), bcrypt.DefaultCost)
		user := &db.models.User{
			Username: "admin",
			Password: string(hashedPassword),
			IsAdmin:  true,
		}
		if err := database.CreateUser(user); err != nil {
			log.Printf("Failed to create default user: %v", err)
		} else {
			log.Println("Created default admin user (admin/admin)")
		}
	}
}

func corsMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Access-Control-Allow-Origin", "*")
		w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
		w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")

		if r.Method == "OPTIONS" {
			w.WriteHeader(http.StatusOK)
			return
		}

		next.ServeHTTP(w, r)
	})
}