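import { Router } from 'express'
import { rateLimit, createSession, deleteSession, verifyPassword, adminAuth } from '../middleware/adminAuth.js'
import { requireBody } from '../middleware/validate.js'

/** Name of the cookie that carries the admin session token. */
const SESSION_COOKIE = 'admin_session'

/**
 * Cookie attributes shared by the login (set) and logout (clear) paths.
 * Express documents that `res.clearCookie` must be given the same options
 * as `res.cookie` (excluding `expires`/`maxAge`) for the clear to be
 * honoured, so both sides read from this one object instead of repeating
 * the literal. `maxAge` is intentionally absent: it is only meaningful
 * when setting the cookie and is added at that call site.
 */
const sessionCookieOptions = {
  httpOnly: true,
  sameSite: 'strict' as const,
  secure: process.env.NODE_ENV === 'production',
}

/** Session cookie lifetime in milliseconds (24 hours). */
const SESSION_MAX_AGE_MS = 24 * 60 * 60 * 1000

export const adminRouter = Router()

// POST /login — rate limited; requires a `password` field in the body.
// On success a fresh session token is minted and stored in an HttpOnly cookie.
adminRouter.post('/login', rateLimit, requireBody('password'), (req, res) => {
  const { password } = req.body as { password: string }
  if (!verifyPassword(password)) {
    res.status(401).json({ error: { code: 'INVALID_PASSWORD', message: 'Invalid password' } })
    return
  }
  // A new token is issued on every successful login rather than reusing
  // anything the client presented.
  const token = createSession()
  res.cookie(SESSION_COOKIE, token, { ...sessionCookieOptions, maxAge: SESSION_MAX_AGE_MS })
  res.json({ ok: true })
})

// POST /logout — invalidates the server-side session (if a cookie is
// present) and clears the cookie in the browser.
adminRouter.post('/logout', adminAuth, (req, res) => {
  const token = req.cookies?.[SESSION_COOKIE]
  if (token) deleteSession(token)
  // Same attributes as at set time so the clearing Set-Cookie matches the
  // cookie the browser holds.
  res.clearCookie(SESSION_COOKIE, sessionCookieOptions)
  res.json({ ok: true })
})

// GET /verify — succeeds only if adminAuth accepted the session cookie.
adminRouter.get('/verify', adminAuth, (_req, res) => {
  res.json({ ok: true })
})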