// Load environment variables from .env file for development
if (process.env.NODE_ENV !== 'production') {
    require('dotenv').config();
}

const express = require('express');
const bodyParser = require('body-parser');
const fs = require('fs');
const path = require('path');

const app = express();
const port = 3000;
const ADMIN_PASSWORD = process.env.ADMIN_PASSWORD;

// --- Production Security Check ---
if (process.env.NODE_ENV === 'production' && (!ADMIN_PASSWORD || ADMIN_PASSWORD === "balloons")) {
    console.error(`
****************************************************************
** FATAL ERROR: Insecure password configuration for production! **
** Please set a secure ADMIN_PASSWORD environment variable.     **
****************************************************************
    `);
    process.exit(1); // Exit the process with an error code
}

// --- Development Warning ---
if (process.env.NODE_ENV !== 'production' && ADMIN_PASSWORD === "balloons") {
    console.warn(`
****************************************************************
** WARNING: Using default, insecure password.                 **
** This is for development only.                              **
****************************************************************
    `);
}

// Use body-parser middleware to parse JSON bodies
app.use(bodyParser.json());

// Serve static files from the root directory
app.use(express.static(path.join(__dirname)));

// API endpoint to update the JSON file
app.post('/api/update-status', (req, res) => {
    const { password, data } = req.body;

    if (password !== ADMIN_PASSWORD) {
        console.log(`[${new Date().toISOString()}] Failed login attempt.`);
        return res.status(401).json({ success: false, message: 'Unauthorized: Incorrect password.' });
    }

    if (!data) {
        return res.status(400).json({ success: false, message: 'Bad Request: No data provided.' });
    }

    const jsonString = JSON.stringify(data, null, 4);
    const filePath = path.join(__dirname, 'update.json');

    fs.writeFile(filePath, jsonString, (err) => {
        if (err) {
            console.error(`[${new Date().toISOString()}] Error writing to update.json:`, err);
            return res.status(500).json({ success: false, message: 'Internal Server Error: Could not write to file.' });
        }
        console.log(`[${new Date().toISOString()}] update.json was successfully updated.`);
        res.json({ success: true, message: 'Status updated successfully.' });
    });
});

app.listen(port, () => {
    console.log(`Server listening at http://localhost:${port}`);
    if (process.env.NODE_ENV !== 'production') {
        console.log(`Admin panel available at http://localhost:${port}/admin.html`);
    }
});