// HOST-Kundenkonten: Registrierung + Login. Gibt ein JWT zurück.
import { Router } from "express";
import { one } from "../db.js";
import { hashPassword, verifyPassword, signToken } from "../auth.js";

export const authRouter = Router();

const isEmail = (s) => /.+@.+\..+/.test(s || "");

authRouter.post("/register", async (req, res) => {
  const email = (req.body?.email || "").trim().toLowerCase();
  const password = req.body?.password || "";
  if (!isEmail(email)) return res.status(400).json({ error: "Ungültige Email." });
  if (password.length < 8) return res.status(400).json({ error: "Passwort min. 8 Zeichen." });

  const existing = await one("select id from accounts where email = $1", [email]);
  if (existing) return res.status(409).json({ error: "Konto existiert bereits." });

  let account;
  try {
    account = await one(
      "insert into accounts (email, password_hash) values ($1, $2) returning id, email",
      [email, await hashPassword(password)]
    );
  } catch (e) {
    // 23505 = unique_violation (Race zwischen SELECT und INSERT).
    if (e.code === "23505") return res.status(409).json({ error: "Konto existiert bereits." });
    throw e;
  }
  res.json({ token: signToken(account), account: { id: account.id, email: account.email } });
});

authRouter.post("/login", async (req, res) => {
  const email = (req.body?.email || "").trim().toLowerCase();
  const password = req.body?.password || "";
  const account = await one("select id, email, password_hash from accounts where email = $1", [email]);
  if (!account || !(await verifyPassword(password, account.password_hash))) {
    return res.status(401).json({ error: "Email oder Passwort falsch." });
  }
  res.json({ token: signToken(account), account: { id: account.id, email: account.email } });
});