const express = require("express");
const router = express.Router();
const jwt = require("jsonwebtoken");
const bcrypt = require("bcrypt");
const db = require("../../config/db");

// User login endpoint
router.post("/login", (req, res) => {
  const { username, password } = req.body;

  if (!username || !password) {
    return res.status(400).send("Username and password are required");
  }

  const sql = "SELECT * FROM tbl_user WHERE username = ?";
  db.query(sql, [username], async (err, results) => {
    if (err) {
      console.error(err);
      return res.status(500).send("Server error");
    }

    if (results.length === 0) {
      return res.status(401).send("Invalid credentials");
    }

    const user = results[0];

    // Compare provided password with the hashed password in the database
    const isMatch = await bcrypt.compare(password, user.password);
    
    if (isMatch) {
      let jwtSecretKey = process.env.JWT_SECRET_KEY || "defaultSecretKey";
      let data = { userId: user.id, username: user.username };

      // Create JWT token
      const token = jwt.sign(data, jwtSecretKey, { expiresIn: "1d" });
      return res.json({ token });
    } else {
      return res.status(401).send("Invalid credentials");
    }
  });
});

module.exports = router;