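import bcrypt from 'bcrypt';
import { getCollections } from '../db/mongo.js';

/**
 * Registers the registration, login and logout routes on the given app.
 *
 * Routes:
 *   GET  /register  renders the registration form.
 *   POST /register  creates a user with a bcrypt password hash.
 *   GET  /login     renders the login form.
 *   POST /login     verifies the password and stores the user id in the session.
 *   GET  /logout    destroys the session and redirects to /login.
 *
 * @param {object} app - Express-style application exposing `get` and `post`.
 * @returns {void}
 */
export function registerAuthRoutes(app) {
  const { usersCollection } = getCollections();

  // Body fields come straight from the client. Depending on the body parser
  // they can be missing, arrays or objects, so only non-empty strings are
  // accepted before they reach `toLowerCase()`, the database filter or bcrypt.
  const isNonEmptyString = (value) => typeof value === 'string' && value.length > 0;

  app.get('/register', (req, res) => res.render('register', { error: null }));

  app.post('/register', async (req, res, next) => {
    try {
      const { email, password } = req.body || {};
      if (!isNonEmptyString(email) || !isNonEmptyString(password)) {
        return res.render('register', { error: 'Bitte Email und Passwort angeben.' });
      }

      const normalizedEmail = email.toLowerCase();

      // NOTE(review): find-then-insert is not atomic; two concurrent requests
      // can both pass this check. A unique index on `email` would close the
      // gap - confirm whether the collection defines one.
      // NOTE(review): this response tells the caller whether an address is
      // already registered.
      const existingUser = await usersCollection.findOne({ email: normalizedEmail });
      if (existingUser) {
        return res.render('register', { error: 'Email schon registriert.' });
      }

      // Cost factor 10 is kept from the original. bcrypt only uses the first
      // 72 bytes of the password.
      const hash = await bcrypt.hash(password, 10);
      await usersCollection.insertOne({ email: normalizedEmail, passwordHash: hash });
      return res.redirect('/login');
    } catch (err) {
      // Forward database/bcrypt failures to the app's error handler instead of
      // leaving a rejected promise behind.
      return next(err);
    }
  });

  app.get('/login', (req, res) => res.render('login', { error: null }));

  app.post('/login', async (req, res, next) => {
    try {
      const { email, password } = req.body || {};

      // Missing or non-string credentials get the same generic message as a
      // wrong password, so the response does not reveal what was malformed.
      if (!isNonEmptyString(email) || !isNonEmptyString(password)) {
        return res.render('login', { error: 'Falsche Email oder Passwort.' });
      }

      const user = await usersCollection.findOne({ email: email.toLowerCase() });
      if (!user) {
        // NOTE(review): this path skips bcrypt.compare, so it answers faster
        // than a wrong password for a known address. There is also no attempt
        // limiting visible in this file.
        return res.render('login', { error: 'Falsche Email oder Passwort.' });
      }

      const match = await bcrypt.compare(password, user.passwordHash);
      if (!match) {
        return res.render('login', { error: 'Falsche Email oder Passwort.' });
      }

      // Issue a fresh session id on login so that an id obtained before
      // authentication is not promoted to an authenticated one (session
      // fixation). Assumes the session middleware is express-session, as the
      // `destroy(callback)` call in /logout suggests - TODO confirm. Data
      // stored in the pre-login session is dropped by this.
      return req.session.regenerate((regenerateError) => {
        if (regenerateError) {
          return next(regenerateError);
        }
        req.session.userId = user._id;
        return res.redirect('/');
      });
    } catch (err) {
      return next(err);
    }
  });

  // NOTE(review): logout is a state-changing GET, so any third-party page can
  // trigger it with a plain link or image request. A POST with CSRF protection
  // is the usual form.
  app.get('/logout', (req, res) => {
    // Best effort: redirect whether or not the store reported an error.
    req.session.destroy(() => res.redirect('/login'));
  });
}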