const express = require('express');
const cors = require('cors');
const mongoose = require('mongoose');

const app = express();
const port = process.env.PORT || 5000;

const whitelist = [
    'https://preview.beachpartyballoons.com',
    'https://beachpartyballoons.com',
    'https://www.beachpartyballoons.com',
    'https://photobackend.beachpartyballoons.com', // Dedicated backend hostname
    'http://localhost:3050',
    'http://127.0.0.1:3050',
    'http://localhost:8080' // Common local dev port
];
const corsOptions = {
    origin: function (origin, callback) {
        if (whitelist.indexOf(origin) !== -1 || !origin) { // !origin allows same-origin and server-to-server
            callback(null, true);
        } else {
            callback(new Error('Not allowed by CORS'));
        }
    },
    methods: ['GET', 'POST', 'PUT', 'DELETE'],
    allowedHeaders: ['Content-Type', 'Authorization']
};

app.use(cors(corsOptions));
app.use(express.json());
app.use('/uploads', express.static('uploads'));

// MongoDB Connection
const uri = process.env.MONGO_URI || 'mongodb://localhost:27017/photogallery';
mongoose.connect(uri, { useNewUrlParser: true, useUnifiedTopology: true });
const connection = mongoose.connection;
connection.once('open', () => {
  console.log("MongoDB database connection established successfully");
})

// API Routes
const photosRouter = require('./routes/photos');
app.use('/photos', photosRouter);

app.listen(port, () => {
  console.log(`Server is running on port: ${port}`);
});