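'use strict';

const express = require('express');
const jwt = require('jsonwebtoken');
const cors = require('cors');

const app = express();
app.use(express.json());
// NOTE(review): cors() with no options answers every origin. The API uses
// bearer tokens rather than cookies, which limits the impact, but an explicit
// origin allow-list is the safer configuration once the real front-end origin
// is known.
app.use(cors());

// HMAC key used to sign and verify tokens. The literal fallback is a
// guessable placeholder kept only so the demo still starts; any deployment
// must supply a long random value through JWT_SECRET. `||` (not `??`) is
// deliberate: an empty JWT_SECRET must not become the signing key.
const SECRET = process.env.JWT_SECRET || "weak-secret";
if (!process.env.JWT_SECRET) {
  console.warn("JWT_SECRET is not set; using the built-in placeholder secret");
}

// Issued tokens expire so that a leaked token is not valid indefinitely.
const TOKEN_TTL = "1h";

// NOTE(review): demo accounts with plain-text passwords equal to the username.
// A real user store needs salted password hashes, and the login comparison
// should not be a plain `===` on the secret.
const users = [
  { id: 1, username: "admin", role: "admin", password: "admin" },
  { id: 2, username: "user", role: "user", password: "user" }
];

/**
 * Returns a copy of a user record without the password field, so that
 * credentials never leave the process in an API response.
 *
 * @param {{id: number, username: string, role: string, password: string}} user
 * @returns {{id: number, username: string, role: string}}
 */
function toPublicUser(user) {
  const { password, ...publicFields } = user;
  return publicFields;
}

/**
 * Express middleware: requires a bearer token whose signature verifies
 * against SECRET and stores the verified claims on `req.auth`.
 *
 * jwt.verify() is used instead of jwt.decode(): decode() only base64-parses
 * the payload and accepts any token, including ones the server never signed.
 * The algorithm is pinned to HS256, the default used by jwt.sign() below.
 */
function authenticate(req, res, next) {
  const token = req.headers.authorization?.split(" ")[1];
  if (!token) return res.status(401).send("Invalid");

  try {
    req.auth = jwt.verify(token, SECRET, { algorithms: ["HS256"] });
  } catch (err) {
    // Bad signature, malformed or expired token: all are an auth failure.
    return res.status(401).send("Invalid");
  }
  return next();
}

// POST /login: exchanges a username/password pair for a signed token.
app.post('/login', (req, res) => {
  // req.body can be undefined when the request carries no JSON body.
  const { username, password } = req.body ?? {};
  if (typeof username !== "string" || typeof password !== "string") {
    return res.status(401).send("Invalid");
  }

  const user = users.find(u => u.username === username && u.password === password);
  if (!user) return res.status(401).send("Invalid");

  const token = jwt.sign({ id: user.id, role: user.role }, SECRET, { expiresIn: TOKEN_TTL });
  return res.json({ token });
});

// GET /profile: returns the record of the authenticated caller.
app.get('/profile', authenticate, (req, res) => {
  const user = users.find(u => u.id === req.auth.id);
  if (!user) return res.status(404).send("Not found");
  return res.json(toPublicUser(user));
});

// GET /users/:id: returns one user record. The caller must be authenticated
// and may read only their own record unless they are an admin; without this
// check any client could enumerate every account by id.
app.get('/users/:id', authenticate, (req, res) => {
  const requestedId = Number(req.params.id);
  if (!Number.isInteger(requestedId)) return res.status(400).send("Invalid id");

  // Authorise against the stored role, not the role claim in the token, so a
  // role change takes effect before old tokens expire.
  const requester = users.find(u => u.id === req.auth.id);
  if (!requester) return res.status(401).send("Invalid");
  if (requester.role !== "admin" && requester.id !== requestedId) {
    return res.status(403).send("Forbidden");
  }

  const user = users.find(u => u.id === requestedId);
  if (!user) return res.status(404).send("Not found");
  return res.json(toPublicUser(user));
});

app.listen(3000, () => console.log("API running on port 3000"));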