const bcrypt = require("bcryptjs");
const jwt = require("jsonwebtoken");
const User = require("../models/user.model");
const { sendError } = require("../utils/http");

exports.register = async (req, res) => {
  let { username, password, name } = req.body;
  username = username.toLowerCase();
  console.log(`Registration attempt for ${name} => username:${username}`);

  try {
    const hash = await bcrypt.hash(password, 10);
    const user = await User.createUser(username, hash, name);
    console.log(`User registered: ${username}`);

    res.json({ message: "User registered", user });
  } catch (err) {
    sendError(res, 400, "Registration failed");
  }
};

exports.login = async (req, res) => {
  let { username, password } = req.body;

  username = username.toLowerCase();
  const user = await User.findByUsername(username);
  if (!user) {
    console.log(`Login attempt with unknown user: ${username}`);
    return sendError(res, 401, "User not found");
  }

  const valid = await bcrypt.compare(password, user.password);
  if (!valid) {
    console.log(`Invalid login attempt for user ${username}`);
    return sendError(res, 401, "Invalid credentials");
  }

  const token = jwt.sign(
    { id: user.id, role: user.role },
    process.env.JWT_SECRET,
    { expiresIn: "1 year" }
  );

  res.json({ token, userId: user.id, username, role: user.role });
};