const express = require('express');
const cors    = require('cors');
const path    = require('path');
const db      = require('./db/database');

const app  = express();
const PORT = process.env.PORT || 3001;

app.use(cors());
app.use(express.json());
app.use(express.static(path.join(__dirname, 'client', 'dist')));

app.get('/api/health', (req, res) => {
    res.json({ status: 'ok', timestamp: new Date().toISOString() });
});

app.get('/api/employees', (req, res) => {
    const rows = db.prepare('SELECT id, name, department, supervisor FROM employees ORDER BY name ASC').all();
    res.json(rows);
});

app.post('/api/employees', (req, res) => {
    const { name, department, supervisor } = req.body;
    if (!name) return res.status(400).json({ error: 'name is required' });
    const existing = db.prepare('SELECT * FROM employees WHERE LOWER(name) = LOWER(?)').get(name);
    if (existing) {
        if (department || supervisor) {
            db.prepare('UPDATE employees SET department = COALESCE(?, department), supervisor = COALESCE(?, supervisor) WHERE id = ?')
              .run(department || null, supervisor || null, existing.id);
        }
        return res.json({ ...existing, department, supervisor });
    }
    const result = db.prepare('INSERT INTO employees (name, department, supervisor) VALUES (?, ?, ?)').run(name, department || null, supervisor || null);
    res.status(201).json({ id: result.lastInsertRowid, name, department, supervisor });
});

app.get('/api/violations/employee/:employeeId', (req, res) => {
    const rows = db.prepare('SELECT * FROM violations WHERE employee_id = ? ORDER BY incident_date DESC').all(req.params.employeeId);
    res.json(rows);
});

app.get('/api/employees/:employeeId/score', (req, res) => {
    const row = db.prepare('SELECT * FROM active_cpas_scores WHERE employee_id = ?').get(req.params.employeeId);
    res.json(row || { active_points: 0, violation_count: 0 });
});

app.post('/api/violations', (req, res) => {
    const { employee_id, violation_type, violation_name, category, points, incident_date, incident_time, location, details, submitted_by, witness_name } = req.body;
    if (!employee_id || !violation_type || !points || !incident_date) {
        return res.status(400).json({ error: 'Missing required fields: employee_id, violation_type, points, incident_date' });
    }
    const result = db.prepare(`
        INSERT INTO violations (employee_id, violation_type, violation_name, category, points, incident_date, incident_time, location, details, submitted_by, witness_name)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
    `).run(employee_id, violation_type, violation_name || violation_type, category || 'General', points, incident_date, incident_time || null, location || null, details || null, submitted_by || null, witness_name || null);
    res.status(201).json({ id: result.lastInsertRowid });
});

app.get('*', (req, res) => {
    res.sendFile(path.join(__dirname, 'client', 'dist', 'index.html'));
});

app.listen(PORT, '0.0.0.0', () => {
    console.log(`[CPAS] Server running on port ${PORT}`);
});