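const express = require("express");
const bcrypt = require("bcrypt");
const { query } = require("../config/database");
const { redirectIfAuth } = require("../middleware/auth");

const router = express.Router();

/**
 * Replace the current session with a fresh one (new session id, empty data).
 *
 * Called at the privilege boundary (successful login) so that a session id
 * issued before authentication never becomes an authenticated one, which is
 * the standard session-fixation defence.
 *
 * @param {import("express").Request} req - request carrying the session object
 * @returns {Promise<void>} resolves once the store has issued the new session
 */
function regenerateSession(req) {
  return new Promise((resolve, reject) => {
    req.session.regenerate((err) => (err ? reject(err) : resolve()));
  });
}

/**
 * GET /login: render the admin login form.
 *
 * `redirectIfAuth` runs first; its behaviour is defined in ../middleware/auth.
 */
router.get("/login", redirectIfAuth, (req, res) => {
  // `error` is request-controlled. A repeated or bracketed parameter is parsed
  // into an array/object, so only a plain string is handed to the view.
  // NOTE(review): the template is not visible here. Confirm it emits `error`
  // HTML-escaped, or maps the known codes ("invalid", "server") to fixed text.
  const { error } = req.query;
  res.render("admin/login", {
    error: typeof error === "string" ? error : undefined,
    title: "Admin Login - SkyArtShop",
  });
});

/**
 * POST /login: verify admin credentials and establish the session.
 *
 * Redirects to /admin/dashboard on success, to /admin/login?error=invalid for
 * an unknown email, a wrong password or malformed input, and to
 * /admin/login?error=server when anything throws.
 *
 * NOTE(review): no attempt throttling or lockout is visible in this router;
 * confirm it is applied upstream (middleware or reverse proxy).
 */
router.post("/login", async (req, res) => {
  try {
    // Destructure inside the try block: a missing body (no parser matched the
    // content type) then takes the handled error path instead of rejecting
    // the async handler.
    const { email, password } = req.body || {};

    // Body parsers can deliver arrays/objects. bcrypt.compare throws on
    // non-string data, so reject those as ordinary invalid credentials.
    if (typeof email !== "string" || typeof password !== "string") {
      return res.redirect("/admin/login?error=invalid");
    }

    const result = await query(
      "SELECT id, email, name, passwordhash, role FROM adminusers WHERE email = $1",
      [email]
    );

    // NOTE(review): this branch returns without a bcrypt comparison, so an
    // unknown email answers faster than a known one. Comparing against a fixed
    // dummy hash of the same cost here would equalise the response time.
    if (result.rows.length === 0) {
      return res.redirect("/admin/login?error=invalid");
    }

    const admin = result.rows[0];
    const validPassword = await bcrypt.compare(password, admin.passwordhash);

    // Same redirect as the unknown-email case so the response does not reveal
    // which of the two checks failed.
    if (!validPassword) {
      return res.redirect("/admin/login?error=invalid");
    }

    await query("UPDATE adminusers SET lastlogin = NOW() WHERE id = $1", [
      admin.id,
    ]);

    // Issue a new session id before attaching identity to it.
    await regenerateSession(req);

    req.session.adminId = admin.id;
    req.session.email = admin.email;
    req.session.name = admin.name;
    req.session.role = admin.role;

    res.redirect("/admin/dashboard");
  } catch (error) {
    // Details stay in the server log; the client only sees a generic code.
    console.error("Login error:", error);
    res.redirect("/admin/login?error=server");
  }
});

/**
 * GET /logout: destroy the server-side session and return to the login page.
 *
 * NOTE(review): logout is a state-changing GET, so any cross-site request
 * (image tag, link prefetch) can end an admin's session. Moving it to POST
 * behind the application's CSRF protection needs a matching template change,
 * so the route is left as-is here.
 */
router.get("/logout", (req, res) => {
  req.session.destroy((err) => {
    if (err) {
      console.error("Logout error:", err);
    }
    // Redirect even on failure so the user is never left on a dead page.
    res.redirect("/admin/login");
  });
});

module.exports = router;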