import express from 'express';
import cors from 'cors';
import helmet from 'helmet';
import rateLimit from 'express-rate-limit';
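// Load .env through dotenv's side-effect entry point instead of calling
// dotenv.config() as a statement. Under native ES modules every `import` in
// this file is evaluated before any top-level statement runs, so a separate
// config() call would execute only after the route and middleware modules
// below had been loaded. Any of them that reads process.env at load time
// (signing keys, payment or AI API secrets) would then see it unset.
// NOTE(review): those modules are not visible here. Confirm how they read
// their configuration and that none falls back to a default secret.
import 'dotenv/config';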

import { authRouter } from './routes/auth';
import { plansRouter } from './routes/plans';
import { productsRouter } from './routes/products';
import { blogRouter } from './routes/blog';
import { paymentRouter } from './routes/payments';
import { userRouter } from './routes/user';
import { aiRouter } from './routes/ai';
import { trackerRouter } from './routes/tracker';
import { adminRouter } from './routes/admin';
import { leadsRouter } from './routes/leads';
import { errorHandler } from './middleware/errorHandler';
import { authenticate } from './middleware/auth';

const app = express();
const PORT = process.env.PORT || 3001;

// ── Security ────────────────────────────────
// helmet() is called without options, so its default header set applies.
app.use(helmet());

// Credentialed CORS is restricted to a single origin. When FRONTEND_URL is
// unset the allowed origin silently becomes the local dev server, so a
// production deployment should set it explicitly.
const allowedOrigin = process.env.FRONTEND_URL || 'http://localhost:3000';
const corsOptions = {
  credentials: true,
  origin: allowedOrigin,
};
app.use(cors(corsOptions));

// ── Rate limiting ────────────────────────────
// No keyGenerator or store is passed, so express-rate-limit's defaults apply:
// requests are counted per client IP, in this process's memory.
// NOTE(review): behind a reverse proxy the client IP is only correct when
// Express's `trust proxy` setting matches the deployment, and with several
// instances each process keeps its own counters. Confirm both.
const MINUTE_MS = 60 * 1000;
const QUARTER_HOUR_MS = 15 * MINUTE_MS;
const HOUR_MS = 60 * MINUTE_MS;

// Baseline for every request: 100 per 15 minutes.
const generalLimiter = rateLimit({
  message: { error: 'Too many requests, please try again later.' },
  max: 100,
  windowMs: QUARTER_HOUR_MS,
});

// Tighter budget for the auth routes: 10 per 15 minutes.
const authLimiter = rateLimit({
  message: { error: 'Too many auth attempts.' },
  max: 10,
  windowMs: QUARTER_HOUR_MS,
});

// AI generation: 5 per hour. No `skip` option is set, so this limiter itself
// makes no exception for any plan, despite what the message suggests.
const aiLimiter = rateLimit({
  message: { error: 'AI generation limit reached. Upgrade to Pro for unlimited.' },
  max: 5,
  windowMs: HOUR_MS,
});

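// The global limiter runs first so throttled requests are rejected before
// any body is read.
app.use(generalLimiter);

// ── Stripe webhook (raw body needed) ────────
// This must be mounted BEFORE express.json(). Body parsers skip a request
// whose body has already been parsed, so with the JSON parser first the
// webhook handler would receive a parsed object instead of the raw bytes.
// Signature verification over the exact payload could then never succeed.
// NOTE(review): the handler lives in paymentRouter and is not visible here.
// Confirm it verifies the Stripe signature against req.body as a Buffer.
app.use('/api/payments/webhook', express.raw({ type: 'application/json' }));

// JSON parser for every other route. The webhook path is left alone because
// its body was already consumed above.
// NOTE(review): the 10mb limit also applies to unauthenticated endpoints.
// Consider a smaller global limit with a larger one only where needed.
app.use(express.json({ limit: '10mb' }));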

// ── Routes ───────────────────────────────────
// Each row is [mount path, ...middleware, router]; rows are mounted in the
// order listed. Keeping the middleware next to the path makes it easy to
// audit which prefixes require `authenticate` at mount level.
const routeTable = [
  // Unauthenticated by design; throttled by the stricter auth limiter.
  ['/api/auth', authLimiter, authRouter],
  ['/api/plans', plansRouter],
  ['/api/products', productsRouter],
  ['/api/blog', blogRouter],
  // No `authenticate` at this level (the webhook lives under this prefix).
  // NOTE(review): any per-user payment route must enforce auth inside the
  // router. Confirm.
  ['/api/payments', paymentRouter],
  ['/api/user', authenticate, userRouter],
  // Auth runs before the AI limiter, so unauthenticated requests never
  // reach the limiter.
  ['/api/ai', authenticate, aiLimiter, aiRouter],
  ['/api/tracker', authenticate, trackerRouter],
  // Only authentication is applied here.
  // NOTE(review): an admin role/authorization check is presumably inside
  // adminRouter. Confirm, otherwise any logged-in user reaches these routes.
  ['/api/admin', authenticate, adminRouter],
  // Public write endpoint covered only by the general limiter.
  ['/api/leads', leadsRouter],
];

for (const [mountPath, ...handlers] of routeTable) {
  app.use(mountPath, ...handlers);
}

// ── Health check ─────────────────────────────
// Unauthenticated liveness probe. It is registered after the global limiter,
// so probe traffic counts against that limiter too.
app.get('/health', (_req, res) => {
  const now = new Date();
  return res.json({ status: 'ok', timestamp: now.toISOString() });
});

// ── Error handler ────────────────────────────
// Registered after every route so errors passed on by them end up here.
// NOTE(review): errorHandler is defined elsewhere. Confirm it does not
// return stack traces or internal messages to clients.
app.use(errorHandler);

// Importing this module starts the listener as a side effect.
const announceReady = () => {
  console.log(`🥑 TheKetoBay API running on port ${PORT}`);
};
app.listen(PORT, announceReady);

export default app;
