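import express from 'express';
import { verifyPassword, getAllPasswords } from '../database.js';
import { generateUserToken, verifyToken } from '../utils/jwt.js';
import { loginLimiter } from '../middleware/rateLimit.js';

const router = express.Router();

// Scheme prefix expected in the Authorization header for /verify-token.
const BEARER_PREFIX = 'Bearer ';

/**
 * Password verification.
 * POST /api/auth/verify
 * Body: { password: string } or { name: string, password: string }
 *
 * Responds 400 when the body carries no usable password, 401 when
 * verifyPassword does not report a valid match, otherwise 200 with a
 * token generated for the matched name. loginLimiter runs before the
 * handler so repeated guesses are throttled ahead of any lookup.
 */
router.post('/verify', loginLimiter, (req, res) => {
  // req.body is undefined when no body parser ran or the body was empty;
  // fall back to an empty object instead of throwing a TypeError here.
  const { name, password } = req.body ?? {};

  // The documented contract is a string password (and, if present, a
  // string name). Reject other JSON types (numbers, arrays, objects) up
  // front rather than handing them to verifyPassword. A null/undefined
  // name is still allowed and passed through as in the single-password form.
  const passwordOk = typeof password === 'string' && password.length > 0;
  const nameOk = name == null || typeof name === 'string';
  if (!passwordOk || !nameOk) {
    return res.status(400).json({ error: '请提供访问密码' });
  }

  const result = verifyPassword(name, password);
  // One uniform 401 for every failure mode so the response does not reveal
  // whether the name exists or only the password was wrong.
  if (!result || !result.valid) {
    return res.status(401).json({ error: '访问密码错误' });
  }

  // The token is minted for the name the database matched, not the one the
  // client sent, so a nameless login still gets the right identity.
  const token = generateUserToken(result.name);
  res.json({ success: true, token, message: '验证成功' });
});

/**
 * Token validity check.
 * GET /api/auth/verify-token
 * Header: Authorization: Bearer <token>
 *
 * Responds 401 when the header is missing or not a Bearer credential, 401
 * when verifyToken rejects the token, otherwise 200 with the name/type
 * claims echoed back.
 */
router.get('/verify-token', (req, res) => {
  const authHeader = req.headers.authorization;
  if (typeof authHeader !== 'string' || !authHeader.startsWith(BEARER_PREFIX)) {
    return res.status(401).json({ valid: false, error: '未提供令牌' });
  }

  const token = authHeader.slice(BEARER_PREFIX.length);
  const payload = verifyToken(token);
  if (!payload) {
    return res.status(401).json({ valid: false, error: '令牌无效或已过期' });
  }

  // Only the two claims the client needs are returned; the rest of the
  // payload (timestamps etc.) stays server-side.
  res.json({ valid: true, user: { name: payload.name, type: payload.type } });
});

/**
 * List the names of all configured passwords (feeds the login drop-down).
 * GET /api/auth/names
 *
 * NOTE(review): this route has no authentication and no route-level rate
 * limit, so the full set of configured password names is readable by
 * anyone who can reach the API. Only the name field is exposed; confirm
 * that names are non-sensitive before relying on this as a public endpoint.
 */
router.get('/names', (req, res) => {
  const names = getAllPasswords().map(({ name }) => name);
  res.json({ names });
});

export default router;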