require('dotenv').config();

const fs = require('fs');
const http = require('http');
const https = require('https');
const path = require('path');
const express = require('express');
const authRoutes = require('./routes/auth');
const profileRoutes = require('./routes/profile');
const ordersRoutes = require('./routes/orders');
const previewRoutes = require('./routes/preview');
const startAdminService = require('./admin-service');

const app = express();
app.use(express.json());

app.get('/api/public', (req, res) => {
  res.json({ message: 'Javni endpoint radi.' });
});

app.get('/api/internal', (req, res) => {
  const cert = req.socket.getPeerCertificate();

  if (!req.client.authorized) {
    return res.status(401).json({ error: 'Client certificate required' });
  }

  return res.json({ message: 'mTLS pristup odobren.', client: cert.subject });
});

app.use('/auth', authRoutes);
app.use('/api', profileRoutes);
app.use('/api', ordersRoutes);
app.use('/api', previewRoutes);

const useHttps = String(process.env.HTTPS || '').toLowerCase() === 'true';

if (useHttps) {
  const certsDir = path.join(process.cwd(), 'certs');
  const options = {
    key: fs.readFileSync(path.join(certsDir, 'server.key')),
    cert: fs.readFileSync(path.join(certsDir, 'server.crt')),
    ca: fs.readFileSync(path.join(certsDir, 'ca.crt')),
    requestCert: true,
    rejectUnauthorized: false
  };

  https.createServer(options, app).listen(3443, () => {
    console.log('API na https://localhost:3443');
  });
} else {
  http.createServer(app).listen(3000, () => {
    console.log('API na http://localhost:3000');
  });
}

if (process.env.START_ADMIN_SERVICE !== 'false') {
  startAdminService();
}