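const express = require('express');
const jwt = require('jsonwebtoken');

const app = express();

// Publicly known placeholder secret, intended for local development only.
const DEV_FALLBACK_SECRET = 'dev-secret-ne-koristiti-u-produkciji';

// Anyone who reads this file can sign tokens with the placeholder secret, so
// refuse to start in production when no real secret has been configured.
if (!process.env.JWT_SECRET && process.env.NODE_ENV === 'production') {
  throw new Error('JWT_SECRET must be set when NODE_ENV is production');
}

if (!process.env.JWT_SECRET) {
  console.warn('JWT_SECRET is not set; using the development fallback secret');
}

const JWT_SECRET = process.env.JWT_SECRET || DEV_FALLBACK_SECRET;

// JWT_SECRET is used as a shared secret, so only the HMAC family is accepted.
// Stating the list explicitly keeps the accepted algorithms independent of the
// key material. NOTE(review): narrow this to the single algorithm the token
// issuer actually uses once that is confirmed.
const JWT_ALGORITHMS = ['HS256', 'HS384', 'HS512'];

/**
 * Express middleware that requires a valid bearer JWT.
 *
 * Reads the `Authorization` header, expects the form `Bearer <token>`, and
 * verifies the token against JWT_SECRET. On success the verified payload is
 * stored on `req.user` and the next handler runs. A missing or malformed
 * header, or a token that fails verification, ends the request with a 401
 * JSON response.
 *
 * @param {object} req - Express request; `req.user` is set on success.
 * @param {object} res - Express response.
 * @param {Function} next - Continuation invoked only for a verified token.
 * @returns {*} The result of `next()` or of the 401 response call.
 */
function authenticate(req, res, next) {
  const authHeader = req.headers.authorization || '';
  // 'Bearer ' is 7 characters; an empty remainder is treated as no token.
  const token = authHeader.startsWith('Bearer ') ? authHeader.slice(7) : null;

  if (!token) {
    return res.status(401).json({ error: 'Missing bearer token' });
  }

  try {
    req.user = jwt.verify(token, JWT_SECRET, { algorithms: JWT_ALGORITHMS });
    return next();
  } catch (error) {
    // The failure reason (expired, bad signature, malformed) is deliberately
    // not echoed to the client.
    return res.status(401).json({ error: 'Invalid token' });
  }
}

// Returns a fixed list of sample orders to any caller holding a valid token.
// Only authentication is enforced here; the response does not depend on
// `req.user`.
app.get('/api/orders', authenticate, (req, res) => {
  res.setHeader('X-Served-By', 'orders-api');
  return res.json([
    { id: 1, item: 'Knjiga: Mikroservisi', amount: 25 },
    { id: 2, item: 'Knjiga: API Security', amount: 30 }
  ]);
});

app.listen(3002, () => {
  console.log('orders-api na portu 3002');
});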