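const crypto = require('crypto');
const config = require('../config');
const database = require('../database');

// Name of the signed session cookie checked by requireAuth.
const SESSION_COOKIE = 'kitchen_session';
// 30 days, expressed in seconds (the unit the cookie serializer uses for maxAge).
const SESSION_MAX_AGE_SECONDS = 30 * 24 * 60 * 60;

/**
 * Compare two secret strings without leaking their contents through timing.
 *
 * The cookie value is compared against the current (and previous) auth token;
 * a plain `===` short-circuits on the first differing byte. Length is still
 * observable, which is the usual accepted trade-off.
 *
 * @param {unknown} a - first value; anything that is not a string compares unequal
 * @param {unknown} b - second value; anything that is not a string compares unequal
 * @returns {boolean} true when both are strings with identical bytes
 */
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  const bufA = Buffer.from(a);
  const bufB = Buffer.from(b);
  if (bufA.length !== bufB.length) return false;
  return crypto.timingSafeEqual(bufA, bufB);
}

/**
 * Decide whether the request came in over HTTPS, so the refreshed session
 * cookie can carry the `secure` flag.
 *
 * NOTE(review): `x-forwarded-proto` is client-supplied unless a reverse proxy
 * in front of this service overwrites it. If the app runs behind a proxy, set
 * Fastify's `trustProxy` option so `req.protocol` already reflects the
 * forwarded scheme and this header fallback is not needed — confirm deployment.
 *
 * @param {import('fastify').FastifyRequest} req
 * @returns {boolean}
 */
function isSecureRequest(req) {
  if (req.protocol === 'https') return true;
  const forwardedProto = String(req.headers['x-forwarded-proto'] || '').toLowerCase();
  return forwardedProto === 'https';
}

/**
 * preHandler that gates routes behind the signed session cookie.
 *
 * Redirects to `/login` when: the cookie is missing, its signature does not
 * verify, no auth token is configured, the configured token has expired, or the
 * cookie value matches neither the current nor the previous token. When the
 * cookie still carries the previous token (token rotation), the cookie is
 * re-issued with the current token and the request proceeds.
 *
 * @param {import('fastify').FastifyRequest} req
 * @param {import('fastify').FastifyReply} reply
 * @returns {Promise<void>} resolves without a value; a redirect means "not authenticated"
 */
async function requireAuth(req, reply) {
  const raw = req.cookies && req.cookies[SESSION_COOKIE];
  if (!raw) {
    reply.redirect('/login');
    return;
  }

  const { valid, value } = req.unsignCookie(raw);
  if (!valid) {
    reply.redirect('/login');
    return;
  }

  const token = config.get('authToken');
  const expiry = config.get('tokenExpiry');
  // Required lazily, as in the original; presumably to avoid a circular
  // import between this module and api-client — TODO confirm before hoisting.
  const apiClient = require('../api-client');
  if (!token || apiClient.isTokenExpired(expiry)) {
    reply.redirect('/login');
    return;
  }

  // Current token: authenticated, nothing to refresh.
  if (safeEqual(value, token)) return;

  // Previous token: still accepted once, but the cookie is rolled forward to
  // the current token so the grace window is not extended indefinitely.
  const previousToken = config.get('previousAuthToken');
  if (previousToken && safeEqual(value, previousToken)) {
    reply.setCookie(SESSION_COOKIE, token, {
      signed: true,
      httpOnly: true,
      secure: isSecureRequest(req),
      sameSite: 'strict',
      maxAge: SESSION_MAX_AGE_SECONDS,
      path: '/',
    });
    return;
  }

  reply.redirect('/login');
}

/**
 * Fastify plugin registering the dashboard page.
 *
 * @param {import('fastify').FastifyInstance} fastify
 * @param {object} options - plugin options (unused, kept for the plugin signature)
 * @returns {Promise<void>}
 */
async function dashboardRoutes(fastify, options) {
  // Dashboard page; only reachable with a valid session cookie.
  fastify.get('/dashboard', { preHandler: requireAuth }, async (req, reply) => {
    const appConfig = config.getAll();
    const stats = database.getOrderStats();
    return reply.view('dashboard', {
      config: appConfig,
      stats,
      // Stats are shown unless the setting is explicitly the string 'false'.
      showStats: appConfig.showOrderStats !== 'false',
    });
  });
}

module.exports = dashboardRoutes;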