const express = require("express");
const fs = require("fs");
const { v4: uuidv4 } = require("uuid");

const app = express();
app.use(express.json());
app.use(express.static("public"));

const USERS_FILE = "users.json";

let sessions = {};

// LOGIN
app.post("/login", (req, res) => {
  const { user, pass } = req.body;

  if (!fs.existsSync(USERS_FILE)) return res.send({ ok: false });

  const users = JSON.parse(fs.readFileSync(USERS_FILE));

  const found = users.find(u => u.user === user && u.pass === pass);

  if (!found) return res.send({ ok: false });

  const token = uuidv4();

  sessions[token] = {
    user: found.user,
    admin: found.user === "admin"
  };

  res.send({ ok: true, token, admin: found.user === "admin" });
});

// CHECK SESSION
app.get("/check", (req, res) => {
  const token = req.headers["authorization"];

  if (!token || !sessions[token]) {
    return res.send({ ok: false });
  }

  res.send({ ok: true, user: sessions[token] });
});

// LISTE USERS (admin)
app.get("/users", (req, res) => {
  const token = req.headers["authorization"];

  if (!sessions[token] || !sessions[token].admin) {
    return res.send({ ok: false });
  }

  const users = JSON.parse(fs.readFileSync(USERS_FILE));
  res.send(users);
});

// AJOUT USER
app.post("/add-user", (req, res) => {
  const token = req.headers["authorization"];

  if (!sessions[token] || !sessions[token].admin) {
    return res.send({ ok: false });
  }

  const { user, pass } = req.body;

  let users = JSON.parse(fs.readFileSync(USERS_FILE));

  users.push({ user, pass });

  fs.writeFileSync(USERS_FILE, JSON.stringify(users, null, 2));

  res.send({ ok: true });
});

// SUPPRESSION USER
app.post("/delete-user", (req, res) => {
  const token = req.headers["authorization"];

  if (!sessions[token] || !sessions[token].admin) {
    return res.send({ ok: false });
  }

  const { user } = req.body;

  let users = JSON.parse(fs.readFileSync(USERS_FILE));

  users = users.filter(u => u.user !== user);

  fs.writeFileSync(USERS_FILE, JSON.stringify(users, null, 2));

  res.send({ ok: true });
});

app.listen(3000, () => {
  console.log("🚆 Sirius sécurisé lancé sur http://localhost:3000");
});