const express = require('express');
const cors = require('cors');
const dotenv = require('dotenv');
const path = require('path');
const crypto = require('crypto');
const authRoutes = require('./src/routes/authRoutes');
const profileRoutes = require('./src/routes/profileRoutes');
const tripsRoutes = require('./src/routes/tripsRoutes');
const driverLicenseRoutes = require('./src/routes/driverLicenseRoutes');
const { appendPostLog } = require('./src/utils/postLog');

dotenv.config({ path: path.resolve(__dirname, '.env'), override: true });

const app = express();
const PORT = process.env.PORT || 3001;
const uploadsDir = path.resolve(__dirname, 'uploads');

app.set('trust proxy', 1);

const createRequestId = () => {
    if (typeof crypto.randomUUID === 'function') {
        return crypto.randomUUID();
    }

    return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;
};

const captureRawBody = (req, res, buffer) => {
    if (!buffer || buffer.length === 0) {
        return;
    }

    req.rawBody = buffer.toString('utf8');
};

// Middleware
app.use(cors());
app.use(express.json({ verify: captureRawBody }));
app.use(express.urlencoded({ extended: true, verify: captureRawBody }));
app.use((req, res, next) => {
    if (req.method !== 'POST') {
        return next();
    }

    const requestId = createRequestId();
    req.requestId = requestId;
    res.set('x-request-id', requestId);

    const authorizationHeader = req.get('authorization');
    const contentType = req.get('content-type') || null;
    const isMultipartFormData =
        typeof contentType === 'string' &&
        contentType.toLowerCase().startsWith('multipart/form-data');

    if (isMultipartFormData) {
        return next();
    }

    appendPostLog({
        request_id: requestId,
        method: req.method,
        path: req.originalUrl || req.url,
        ip: req.ip || null,
        content_type: contentType,
        has_authorization_header: Boolean(req.get('authorization')),
        authorization: authorizationHeader ? '[REDACTED]' : null,
        query: req.query || {},
        body: req.body || {},
        raw_body: req.rawBody || null
    });

    return next();
});
app.use('/uploads', express.static(uploadsDir));

// Security Middleware
const helmet = require('helmet');
const rateLimit = require('express-rate-limit');

// 1. Basic Security Headers
app.use(helmet());

// 2. Rate Limiting (100 requests per 15 min)
const limiter = rateLimit({
    windowMs: 15 * 60 * 1000, 
    max: 200, 
    standardHeaders: true,
    legacyHeaders: false,
    message: "Too many requests from this IP, please try again after 15 minutes"
});
app.use(limiter);

// Routes
app.use('/', authRoutes);
app.use('/', profileRoutes);
app.use('/', require('./src/routes/locationRoutes'));
app.use('/api', require('./src/routes/stressRoutes')); // Stress Test Endpoint
app.use('/api', tripsRoutes);
app.use('/api', driverLicenseRoutes);

app.get('/', (req, res) => {
    res.send("🔥 Node.js API Backend Running 🔥");
});

const isPassengerRuntime = typeof global.PhusionPassenger !== 'undefined';

if (isPassengerRuntime) {
    app.listen('passenger', () => {
        console.log('Servidor corriendo bajo Passenger');
    });
} else if (require.main === module) {
    app.listen(PORT, "127.0.0.1", () => {
        console.log(`Servidor corriendo en puerto ${PORT}`);
    });
}

module.exports = app;