const express = require("express");
const bcrypt = require("bcrypt");
const Database = require("better-sqlite3");

const db = new Database("plusfit.db");
const router = express.Router();

router.get("/", (req, res) => {
  res.render("login");
});

router.post("/login", async (req, res) => {
  const { username, password } = req.body;

  const admin = db
    .prepare("SELECT * FROM admins WHERE username = ?")
    .get(username);

  if (!admin) return res.send("Login fehlgeschlagen");

  const ok = await bcrypt.compare(password, admin.password);
  if (!ok) return res.send("Login fehlgeschlagen");

  req.session.loggedIn = true;

  req.session.save((err) => {
    if (err) {
      console.error("Session Save Error:", err);
      return res.send("Login-Fehler");
    }

    res.redirect("/users/dashboard");
  });
});

router.get("/logout", (req, res) => {
  req.session.destroy(() => res.redirect("/"));
});

module.exports = router;