/**
 * Authentication Middleware for Weight Tracker
 * Handles password protection and session management
 */

const bcrypt = require('bcryptjs');
const session = require('express-session');
const cookieParser = require('cookie-parser');

// Default session configuration
const sessionConfig = {
  secret: process.env.SESSION_SECRET || 'weight-tracker-secret',
  resave: false,
  saveUninitialized: false,
  cookie: {
    secure: process.env.COOKIE_SECURE === 'true',
    httpOnly: true,
    maxAge: 24 * 60 * 60 * 1000 // 24 hours
  }
};

/**
 * Initialize authentication middleware
 * @param {Object} app - Express app
 */
function initAuth(app) {
  // Parse cookies
  app.use(cookieParser());
  
  // Session management
  app.use(session(sessionConfig));
  
  // Serve login page
  app.get('/login', (req, res) => {
    if (req.session.authenticated) {
      return res.redirect('/');
    }
    res.sendFile('login.html', { root: __dirname });
  });
  
  // Handle login form submission
  app.post('/auth/login', (req, res) => {
    // This server-side authentication middleware (auth-middleware.js) has been deprecated.
    // Authentication for data access was tied to the server-side data API, which is now removed.
    // Client-side data encryption could be an alternative if data protection is required.
    res.redirect('/login?error=deprecated');
  });
  
  // Logout endpoint
  app.get('/auth/logout', (req, res) => {
    req.session.destroy();
    res.redirect('/login');
  });
  
  // Authentication check endpoint for Nginx auth_request
  app.get('/auth/check', (req, res) => {
    // This server-side authentication middleware (auth-middleware.js) has been deprecated.
    // Authentication for data access was tied to the server-side data API, which is now removed.
    // Client-side data encryption could be an alternative if data protection is required.
    return res.status(401).send('Unauthorized');
  });
  
  // Authentication middleware for all other routes
  app.use((req, res, next) => {
    // Skip auth for login-related routes and static assets
    if (req.path === '/login' || 
        req.path === '/auth/login' || 
        req.path === '/auth/check' ||
        req.path.match(/\.(css|js|png|jpg|jpeg|gif|ico|svg)$/)) {
      return next();
    }
    
    // Check if user is authenticated
    if (req.session.authenticated) {
      return next();
    }
    
    // Redirect to login page
    res.redirect('/login');
  });
}

/**
 * Generate a password hash (utility function)
 * @param {string} password - Plain text password
 * @returns {Promise<string>} - Hashed password
 */
function generateHash(password) {
  return bcrypt.hash(password, 10);
}

module.exports = {
  initAuth,
  generateHash
};