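'use strict';

const express = require('express');
const sqlite3 = require('sqlite3').verbose();
const bcrypt = require('bcrypt');
const helmet = require('helmet');
// NOTE(review): escape-html is required but never used. Notes are returned as JSON
// (not rendered as HTML), so escaping on output is not needed here; if a template
// renderer is ever added, escape at that render point rather than on storage.
const escape = require('escape-html');
const jwt = require('jsonwebtoken');

const app = express();
// helmet was required but never mounted; it sets the usual hardening headers
// (and disables X-Powered-By). It must be mounted before any route.
app.use(helmet());
app.use(express.json());

// --- Configuration -----------------------------------------------------------

// Signing key for the HS256 tokens. A secret committed in source is a secret
// everyone who reads the repo can mint tokens with, so it is read from the
// environment. The built-in value is kept only so local development keeps
// working; in production its absence is a hard failure.
// `||` rather than `??` on purpose: an empty JWT_SECRET must count as unset.
const DEV_SECRET_KEY = "votre_clé_super_secrète_et_longue";
const SECRET_KEY = process.env.JWT_SECRET || DEV_SECRET_KEY;
if (SECRET_KEY === DEV_SECRET_KEY) {
  if (process.env.NODE_ENV === 'production') {
    throw new Error('JWT_SECRET must be set in production');
  }
  console.warn('JWT_SECRET is not set; using the insecure built-in development key');
}

// Pin the algorithm on both sign and verify so a token cannot be accepted under
// a different algorithm than the one we issue with.
const JWT_ALGORITHM = 'HS256';
const TOKEN_TTL = '1h';
const BCRYPT_ROUNDS = 10;
// Hash compared against when the username does not exist, so /login costs the
// same time whether or not the account exists (limits user enumeration by timing).
const DUMMY_HASH = bcrypt.hashSync('not-a-real-password', BCRYPT_ROUNDS);

// --- Database ----------------------------------------------------------------

// In-memory database: contents are lost on restart.
const db = new sqlite3.Database(':memory:');

/**
 * Create the schema and seed two users plus one note owned by user 2 (alice).
 *
 * Password hashing happens *before* entering db.serialize(): serialize() only
 * covers the synchronous part of its callback, so an `await` inside it (as the
 * original code did) silently returns the connection to parallel mode for the
 * statements issued after the await.
 *
 * @returns {Promise<void>} resolves once the seed statements have been queued.
 */
async function seedDatabase() {
  const [passAdmin, passAlice] = await Promise.all([
    bcrypt.hash('supersecret', BCRYPT_ROUNDS),
    bcrypt.hash('password123', BCRYPT_ROUNDS),
  ]);
  db.serialize(() => {
    db.run("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
    db.run("CREATE TABLE notes (id INTEGER PRIMARY KEY, user_id INTEGER, content TEXT)");
    const stmt = db.prepare("INSERT INTO users (username, password) VALUES (?, ?)");
    stmt.run('admin', passAdmin);
    stmt.run('alice', passAlice);
    stmt.finalize();
    db.run("INSERT INTO notes (user_id, content) VALUES (2, 'Mon secret personnel')");
  });
}

// --- Helpers -----------------------------------------------------------------

/**
 * Send the API's uniform JSON envelope.
 *
 * @param {import('express').Response} res
 * @param {number} statusCode - HTTP status; < 400 is reported as 'success', else 'error'.
 * @param {*} [data=null] - payload on success.
 * @param {string} [message=''] - human-readable message.
 * @param {*} [error=null] - error detail; keep this generic, it goes to the client.
 */
function sendResponse(res, statusCode, data = null, message = '', error = null) {
  const status = statusCode < 400 ? 'success' : 'error';
  res.status(statusCode).json({ status, message, data, error });
}

/**
 * Express middleware: require a valid `Authorization: Bearer <jwt>` header.
 * On success the decoded payload ({ id, username, iat, exp }) is stored on req.user.
 * 401 when the header/token is missing, 403 when the token does not verify.
 */
function authenticateToken(req, res, next) {
  const authHeader = req.headers['authorization'];
  if (!authHeader) return sendResponse(res, 401, null, '', 'Forgot token');
  const [scheme, token] = authHeader.split(' ');
  // Only the Bearer scheme carries a JWT; anything else is treated as no token.
  if (!token || !/^Bearer$/i.test(scheme)) {
    return sendResponse(res, 401, null, '', 'Forgot token');
  }
  jwt.verify(token, SECRET_KEY, { algorithms: [JWT_ALGORITHM] }, (err, user) => {
    if (err) return sendResponse(res, 403, null, '', 'Erreur de connexion');
    req.user = user;
    next();
  });
}

// --- Routes ------------------------------------------------------------------

app.get('/', (req, res) => sendResponse(res, 200, null, 'Bienvenue sur mon API !'));

/**
 * POST /login  { username, password }  ->  data: <jwt>
 *
 * Fixes relative to the original:
 *  - the success path sent the response twice (sendResponse then res.json),
 *    which throws ERR_HTTP_HEADERS_SENT inside an async callback and, as an
 *    unhandled rejection, can take the process down;
 *  - a missing/non-string password made bcrypt.compare reject (same crash path);
 *  - unknown usernames now still run a bcrypt compare (see DUMMY_HASH).
 *
 * NOTE(review): there is no rate limiting or lockout on this route; put a
 * limiter (e.g. express-rate-limit) in front of it. Not added here to avoid a
 * new dependency.
 */
app.post('/login', (req, res) => {
  const { username, password } = req.body ?? {};
  if (typeof username !== 'string' || typeof password !== 'string') {
    return sendResponse(res, 400, null, '', "Identifiants incorrects");
  }
  const query = "SELECT * FROM users WHERE username = ?";
  db.get(query, [username], async (err, row) => {
    if (err) return sendResponse(res, 500, null, '', "Erreur serveur");
    try {
      // Always perform one compare so response time does not reveal whether
      // the username exists.
      const match = await bcrypt.compare(password, row ? row.password : DUMMY_HASH);
      if (!row || !match) {
        return sendResponse(res, 401, null, '', "Identifiants incorrects");
      }
      const token = jwt.sign(
        { id: row.id, username: row.username },
        SECRET_KEY,
        { algorithm: JWT_ALGORITHM, expiresIn: TOKEN_TTL },
      );
      return sendResponse(res, 200, token, 'Connexion réussie !');
    } catch (compareErr) {
      // Do not echo library errors to the client.
      return sendResponse(res, 500, null, '', "Erreur serveur");
    }
  });
});

/**
 * GET /notes/:id  ->  { content }
 *
 * Only the note's owner (token id === notes.user_id) may read it.
 * NOTE(review): 403-vs-404 lets an authenticated user confirm that a note id
 * exists even when it is not theirs; answering 404 in both cases would avoid
 * that. Left as-is to preserve the current contract.
 */
app.get('/notes/:id', authenticateToken, (req, res) => {
  const noteId = Number(req.params.id);
  // Non-integer ids can never match an INTEGER PRIMARY KEY; short-circuit them.
  if (!Number.isInteger(noteId)) return sendResponse(res, 404, null, '', "Not found");
  const query = "SELECT * FROM notes WHERE id = ?";
  db.get(query, [noteId], (err, row) => {
    // A database error is a server error, not an authentication failure (was 401).
    if (err) return sendResponse(res, 500, null, '', "Erreur");
    if (!row) return sendResponse(res, 404, null, '', "Not found");
    if (row.user_id !== req.user.id) {
      return sendResponse(res, 403, null, '', "Forbidden");
    }
    // Response shape kept as in the original (not the sendResponse envelope).
    return res.json({ content: row.content });
  });
});

/**
 * POST /notes  { content }  ->  data: <new note id>
 *
 * The original prepared a statement per request and never finalized it;
 * db.run with bound parameters has the same effect and no leak. The raw
 * sqlite error message is no longer returned to the client.
 */
app.post('/notes', authenticateToken, (req, res) => {
  const { content } = req.body ?? {};
  if (typeof content !== 'string') {
    return sendResponse(res, 400, null, '', "Contenu invalide");
  }
  const userId = req.user.id;
  db.run("INSERT INTO notes (user_id, content) VALUES (?, ?)", [userId, content], function (err) {
    if (err) return sendResponse(res, 500, null, '', "Erreur serveur");
    // `this.lastID` is only available on a classic function callback.
    return sendResponse(res, 200, this.lastID, 'Note sécurisée créée');
  });
});

// --- Startup -----------------------------------------------------------------

const PORT = Number(process.env.PORT) || 3000;
// Listen only once the schema and seed rows are queued, so no request can race
// the CREATE TABLE statements.
seedDatabase()
  .then(() => app.listen(PORT, () => console.log(`Server running on port ${PORT}`)))
  .catch((err) => {
    console.error('Database seeding failed', err);
    process.exit(1);
  });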