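const express = require('express');

const {
  AUTH_USERNAME,
  clearAuthCookie,
  isValidCredentials,
  readSession,
  setAuthCookie,
} = require('../auth');

const router = express.Router();

/**
 * Normalise one submitted credential field to a string.
 *
 * Nullish values and non-primitive values (arrays, nested objects) become the
 * empty string, so the caller's "missing field" check rejects them. Without
 * this, `String(['name'])` would coerce an array into a plausible credential
 * and hand the validator a value the client never sent as a string.
 *
 * @param {unknown} value - Raw field taken from the parsed request body.
 * @returns {string} The field as a string, or '' when it is absent or not a primitive.
 */
function toCredentialString(value) {
  if (value == null || typeof value === 'object') {
    return '';
  }
  return String(value);
}

/**
 * GET /me: report the user attached to the current session.
 * Responds 401 when readSession() yields nothing for the request.
 */
router.get('/me', (req, res) => {
  const user = readSession(req);

  if (!user) {
    return res.status(401).json({ error: '当前未登录' });
  }

  res.json({ user });
});

/**
 * POST /login: check the submitted username/password and, on success, set
 * the auth cookie.
 *
 * Responds 400 when either field is missing or empty, 401 when
 * isValidCredentials() rejects the pair.
 *
 * NOTE(review): no attempt throttling or lockout is visible in this router;
 * confirm that rate limiting is applied upstream or inside ../auth.
 * NOTE(review): this endpoint and /logout rely on a cookie, so CSRF exposure
 * depends on the cookie attributes chosen in ../auth (not visible here).
 */
router.post('/login', (req, res) => {
  // req.body is undefined when no body parser handled the request; fall back
  // to an empty object so the request gets a 400 instead of an unhandled
  // TypeError.
  const body = req.body ?? {};
  const username = toCredentialString(body.username).trim();
  // The password is deliberately not trimmed: whitespace may be significant.
  const password = toCredentialString(body.password);

  if (!username || !password) {
    return res.status(400).json({ error: '请输入用户名和密码' });
  }

  // The same 401 message covers a wrong username and a wrong password, so the
  // response does not reveal which of the two was incorrect.
  if (!isValidCredentials(username, password)) {
    return res.status(401).json({ error: '用户名或密码错误' });
  }

  // The configured account name, not the client-supplied string, is what gets
  // passed to setAuthCookie and echoed back.
  setAuthCookie(res, AUTH_USERNAME);
  res.json({
    user: {
      username: AUTH_USERNAME,
    },
  });
});

/**
 * POST /logout: clear the auth cookie on the response.
 *
 * NOTE(review): only the cookie is cleared here; whether a previously issued
 * cookie value stays valid until expiry depends on ../auth. Confirm.
 */
router.post('/logout', (req, res) => {
  clearAuthCookie(res);
  res.json({ message: '已退出登录' });
});

module.exports = router;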