const express = require('express');
const db = global.db;
const router = express.Router();

const cannedErrors = {
	1: 'Invalid username or password.',
	2: 'Username and password are required.',
	3: 'Internal server error.',
	4: 'Please log in to continue.'
}

// GET /login
router.get('/', (req, res) => {
	if (req.session.user) return res.redirect('/dashboard');
	const err = cannedErrors[req.query.err];
	res.render('login', { error: err }); // Assumes you have a 'login' view/template
});

// POST /login
router.post('/', (req, res) => {
	if (req.session.user) return res.redirect('/dashboard');
	const { username, password } = req.body;
	if (!username || !password) return res.status(400).render('login', { error: 'Username and password are required.' });
	db.query('SELECT * FROM users WHERE username = ?', [username]).then(async (user) => {
		if (!user) return res.status(401).render('login', { error: 'Invalid username or password.' });
		const match = await global.comparePassword(password, user.passwordHash);
		if (!match) return res.status(401).render('login', { error: 'Invalid username or password.' });
		req.session.user = { user };
		res.redirect('/dashboard');
	}).catch(err => {
		global.log.error(`Database error during login: ${err}`);
		res.status(500).render('login', { error: 'Internal server error.' });
	})
});

module.exports = router;