import express from 'express';
import cors from 'cors';
import path from 'path';
import './db/schema'; // initialize DB + bootstrap admin
import { requireAuth } from './middleware/auth';
import authRouter from './routes/auth';
import projectsRouter from './routes/projects';
import toolsRouter from './routes/tools';
import uploadsRouter from './routes/uploads';
import settingsRouter from './routes/settings';
import usersRouter from './routes/users';

const app = express();
const PORT = Number(process.env.PORT || 3000);

app.use(cors());
app.use(express.json({ limit: '10mb' }));

// Public — auth endpoints (login doesn't require token)
app.use('/api/auth', authRouter);

// Protected — all other API routes require a valid JWT
app.use('/api/projects', requireAuth, projectsRouter);
app.use('/api/tools', requireAuth, toolsRouter);
app.use('/api/uploads', requireAuth, uploadsRouter);
app.use('/api/settings', requireAuth, settingsRouter);
app.use('/api/users', usersRouter); // requireAdmin applied inside router

// Serve built React client in production
const clientDist = path.join(__dirname, '../../client/dist');
app.use(express.static(clientDist));
app.get(/^(?!\/api).*/, (_req, res) => {
  res.sendFile(path.join(clientDist, 'index.html'));
});

app.listen(PORT, '0.0.0.0', () => {
  console.log(`[CODEDUMP] Running on port ${PORT}`);
  console.log(`[CODEDUMP] Data directory: ${process.env.DATA_DIR || 'data/'}`);
});