package main

import (
	"net/http"
	"s-class-backend/config"
	"s-class-backend/controllers"
	"s-class-backend/middleware"
	"s-class-backend/models"

	"github.com/gin-gonic/gin"
)

func main() {
	// 1. Konek Database
	config.ConnectDatabase()

	// 2. AutoMigrate (Tambahkan ClassSchedule di sini agar dikenali GORM)
	config.DB.AutoMigrate(&models.User{}, &models.Room{}, &models.Booking{}, &models.ClassSchedule{})

	r := gin.Default()

	// 3. CORS Middleware (Agar Frontend bisa masuk)
	r.Use(CORSMiddleware())

	r.GET("/", func(c *gin.Context) {
		c.JSON(http.StatusOK, gin.H{"message": "Server S-CLASS Backend Berjalan!"})
	})

	// 4. Routes
	auth := r.Group("/api/auth")
	{
		auth.POST("/register", controllers.Register)
		auth.POST("/login", controllers.Login)
	}

	r.POST("/api/verify-code", controllers.VerifyRedeemCode)

	// --- RUTE YANG DILINDUNGI TOKEN (UNTUK WEB) ---
	protected := r.Group("/api")
	protected.Use(middleware.AuthMiddleware())
	{
		protected.GET("/profile", func(c *gin.Context) {
			userID, _ := c.Get("user_id")
			role, _ := c.Get("role")
			c.JSON(http.StatusOK, gin.H{"message": "Masuk!", "user_id": userID, "role": role})
		})

		// Rooms
		protected.GET("/rooms", controllers.GetRooms)
		protected.POST("/rooms", controllers.CreateRoom)

		// Bookings
		protected.POST("/bookings", controllers.CreateBooking)
		protected.GET("/bookings", controllers.GetAllBookings)
		protected.PUT("/bookings/:id/status", controllers.UpdateBookingStatus)

		// Admin (Manage Rooms)
		protected.PUT("/admin/rooms/:id/status", controllers.UpdateRoomStatus)
		
		// 🌟 RUTE BARU: Jadwal Kuliah (Untuk Halaman Web Admin)
		protected.GET("/schedules", controllers.GetSchedules)
	}

	// 5. Jalur IoT ESP32 (Di luar protected karena ESP32 tidak pakai sistem Login Token)
	r.POST("/api/sensor/energy", controllers.UpdateRoomPower)
	
	// 🌟 RUTE BARU: Untuk menerima ketukan pintu dari Hardware ESP32
	r.POST("/api/hardware/verify", controllers.VerifyHardwareCode)

	r.Run(":8080")
}

func CORSMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		c.Writer.Header().Set("Access-Control-Allow-Origin", "http://localhost:3000")
		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, PATCH")

		if c.Request.Method == "OPTIONS" {
			c.AbortWithStatus(204)
			return
		}
		c.Next()
	}
}