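const express = require('express');

// The database handle is read from `global` once, when this module is first
// required, so it must already be set by then.
const db = global.db;
const router = express.Router();

// Fixed messages selectable through the `err` query parameter on GET /login.
// Only these strings can be rendered from the query string.
const cannedErrors = {
  1: 'Invalid username or password.',
  2: 'Username and password are required.',
  3: 'Internal server error.',
  4: 'Please log in to continue.',
};

/**
 * Map the `err` query parameter to one of the canned messages.
 *
 * The lookup is limited to own keys so that request-controlled values such as
 * `__proto__` or `constructor` cannot pull inherited members of the table
 * into the template.
 *
 * @param {unknown} code - Raw `req.query.err` value.
 * @returns {string|undefined} The canned message, or undefined if unknown.
 */
function lookupCannedError(code) {
  if (typeof code !== 'string') return undefined;
  if (!Object.prototype.hasOwnProperty.call(cannedErrors, code)) return undefined;
  return cannedErrors[code];
}

/**
 * Attach the authenticated user to the session.
 *
 * When the session object offers `regenerate` (as express-session does), a
 * fresh session id is issued first, so an id that existed before login is not
 * carried over into the authenticated state (session fixation).
 * Stores without `regenerate` fall back to a plain assignment.
 *
 * @param {object} req - Express request carrying `req.session`.
 * @param {object} user - User row to store under `req.session.user`.
 * @returns {Promise<void>} Resolves once the user is attached.
 */
function startSession(req, user) {
  return new Promise((resolve, reject) => {
    if (typeof req.session.regenerate !== 'function') {
      req.session.user = user;
      resolve();
      return;
    }
    req.session.regenerate((err) => {
      if (err) {
        reject(err);
        return;
      }
      req.session.user = user;
      resolve();
    });
  });
}

// GET /login
router.get('/', (req, res) => {
  if (req.session.user) return res.redirect('/dashboard');
  const err = lookupCannedError(req.query.err);
  res.render('login', { error: err }); // Assumes you have a 'login' view/template
});

// POST /login
router.post('/', async (req, res) => {
  if (req.session.user) return res.redirect('/dashboard');

  // req.body is undefined when no body parser ran; treat that as empty input.
  const { username, password } = req.body || {};

  // A body parser can deliver arrays or objects for these fields. Only
  // non-empty strings may reach the query placeholder and the hash comparison.
  if (typeof username !== 'string' || typeof password !== 'string' || !username || !password) {
    return res.status(400).render('login', { error: 'Username and password are required.' });
  }

  try {
    const rows = await db.query('SELECT * FROM users WHERE username = ?', [username]);
    const user = rows[0];

    // NOTE(review): comparePassword is skipped for unknown usernames, so the
    // response time may differ between "no such user" and "wrong password".
    // The message is the same in both cases; confirm whether timing matters here.
    if (!user) {
      return res.status(401).render('login', { error: 'Invalid username or password.' });
    }

    const match = await global.comparePassword(password, user.passwordHash);
    if (!match) {
      return res.status(401).render('login', { error: 'Invalid username or password.' });
    }

    // NOTE(review): this runs before req.session.user is set, so checkACL sees
    // the request without the authenticated user; confirm the ACL expects that.
    // The loose `== false` is kept from the original: a return value of
    // undefined or null lets the login proceed.
    if (global.checkACL(req, 'login') == false) {
      return res.status(403).render('error', {
        error: 'You do not have permission to log in.',
        button: { text: "Go back", action: "back" },
      });
    }

    // NOTE(review): the whole row from `SELECT *`, including passwordHash, is
    // stored in the session. Prefer storing only the fields later routes need,
    // after confirming nothing reads req.session.user.passwordHash.
    await startSession(req, user);
    return res.redirect('/dashboard');
  } catch (err) {
    // Also reached for non-database failures (password comparison, session
    // regeneration); the log text is kept as in the original.
    global.log.error(`Database error during login: ${err}`);
    if (res.headersSent) return;
    res.status(500).render('login', { error: 'Internal server error.' });
  }
});

module.exports = router;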