const express = require('express');
const cors = require('cors');
const nodemailer = require('nodemailer');
const bodyParser = require('body-parser');

const app = express();
const PORT = process.env.PORT || 4000;

app.use(cors());
app.use(bodyParser.json());

let otpStore = {};
let users = {}; // { username: { email, password, firstName, lastName, dob, role } }

// Setup mail transporter (replace with your real email and app password)
const transporter = nodemailer.createTransport({
  service: 'gmail',
  auth: {
    user: 'your_email@gmail.com',
    pass: 'your_app_password' // You need to use an app password, not your regular one
  }
});

// ✅ Send OTP to email
app.post('/api/send-otp', (req, res) => {
  const { email } = req.body;
  if (!email) return res.status(400).send('Email is required');

  const otp = Math.floor(100000 + Math.random() * 900000).toString();
  otpStore[email] = otp;

  const mailOptions = {
    from: 'your_email@gmail.com',
    to: email,
    subject: 'Your Educe Confirmation Code',
    text: `Your code is: ${otp}`
  };

  transporter.sendMail(mailOptions, (error, info) => {
    if (error) {
      console.log(error);
      return res.status(500).send('Failed to send code');
    }
    res.status(200).send('Code sent');
  });
});

// ✅ Verify OTP
app.post('/api/verify-otp', (req, res) => {
  const { email, otp } = req.body;
  if (!email || !otp) return res.status(400).send('Email and code required');

  if (otpStore[email] === otp) {
    delete otpStore[email];
    res.status(200).send('Verified');
  } else {
    res.status(400).send('Invalid code');
  }
});

// ✅ Check username availability
app.post('/api/check-username', (req, res) => {
  const { username } = req.body;
  if (!username) return res.status(400).send('Username required');

  if (users[username]) {
    res.status(409).send('Username already taken');
  } else {
    res.status(200).send('Available');
  }
});

// ✅ Register user
app.post('/api/register', (req, res) => {
  const { username, password, email, firstName, lastName, dob, role } = req.body;

  if (!username || !password || !email || !firstName || !lastName || !dob || !role) {
    return res.status(400).send('All fields are required');
  }

  if (users[username]) {
    return res.status(409).send('Username already exists');
  }

  users[username] = { email, password, firstName, lastName, dob, role };
  res.status(200).send('Registered');
});

// ✅ Login user
app.post('/api/login', (req, res) => {
  const { username, password } = req.body;

  if (!username || !password) return res.status(400).send('Username and password required');

  const user = users[username];
  if (!user || user.password !== password) {
    return res.status(401).send('Invalid login');
  }

  res.status(200).json({ message: 'Welcome back!', user });
});

// ✅ Start the server
app.listen(PORT, () => {
  console.log(`Server running on http://localhost:${PORT}`);
});