import 'dotenv/config';
import express from 'express';
import cors from 'cors';
import { toNodeHandler } from 'better-auth/node';
import { auth } from './auth/auth';
import { authRateLimiter, apiRateLimiter } from './auth/rateLimiter';
import chemicalsRouter from './routes/chemicals';
import protocolsRouter from './routes/protocols';
import path from 'path';

const app = express();
console.log(process.env.BETTER_AUTH_URL, process.env.BETTER_AUTH_SECRET);
const PORT = process.env.PORT || 3001;
const UPLOADS_DIR = process.env.UPLOADS_DIR || path.join(__dirname, '../uploads');

// Trust Cloudflare/proxy X-Forwarded-For headers
app.set('trust proxy', 1);

app.use(cors({
  origin: [
    'http://localhost:5173',
    'https://labwise.wahwa.com',
  ],
  credentials: true,
}));

// Serve uploaded files
app.use('/uploads', express.static(UPLOADS_DIR));

// Better Auth — must come before express.json() so it can read its own body
app.use('/api/auth/*', authRateLimiter);
app.all('/api/auth/*', toNodeHandler(auth));

// Body parsing for all other routes
app.use(express.json({ limit: '1mb' }));

// Application routes
app.use('/api', apiRateLimiter);
app.use('/api/chemicals', chemicalsRouter);
app.use('/api/protocols', protocolsRouter);

app.get('/api/health', (_req, res) => res.json({ ok: true }));

app.listen(PORT, () => {
  console.log(`LabWise API running on http://localhost:${PORT}`);
  console.log('BETTER_AUTH_URL:', process.env.BETTER_AUTH_URL);
  console.log('BETTER_AUTH_SECRET:', process.env.BETTER_AUTH_SECRET);
});