const bcrypt = require("bcryptjs");
const jwt = require("jsonwebtoken");
const User = require("../models/user.model");

exports.register = async (req, res) => {
  const { email, password, role } = req.body;

  try {
    const hash = await bcrypt.hash(password, 10);
    const user = await User.createUser(email, hash, role);
    res.json({ message: "User registered", user });
  } catch (err) {
    res.status(400).json({ message: "Registration failed", error: err });
  }
};

exports.login = async (req, res) => {
  const { username, password } = req.body;
  console.log(`Login attempt for user: ${username} with password: ${password}`);

  const user = await User.findByUsername(username);
  if (!user) return res.status(401).json({ message: "Invalid credentials" });

  const valid = await bcrypt.compare(password, user.password);
  if (!valid) return res.status(401).json({ message: "Invalid credentials" });

  const token = jwt.sign(
    { id: user.id, role: user.role },
    process.env.JWT_SECRET,
    { expiresIn: "1d" }
  );

  res.json({ token, role: user.role });
};