require('dotenv').config();
const express = require('express');
const cors = require('cors');
const connectDB = require('./src/utils/database');
//Import routes
const userRoutes = require('./src/routes/userRoutes');
const authRoutes = require('./src/routes/authRoutes');
const documentRoutes = require('./src/routes/documentRoutes');

const app = express();

const corsUrl = process.env.FRONTEND_URL;

app.use(express.urlencoded({ extended: true, limit: '50mb' })); // Increase URL-encoded payload limit
app.use(express.json({ limit: '50mb' })); // Increase JSON payload limit

// Configure CORS to allow specific origins
const allowedOrigins = [
  'https://docucenter.mpe.ca', // Production frontend
  'http://localhost:5173', 
  corsUrl   // Development frontend
];

const corsOptions = {
  origin: (origin, callback) => {
      // Allow requests with no origin (e.g., mobile apps or curl)
      if (!origin || allowedOrigins.includes(origin)) {
          callback(null, true);
      } else {
          callback(new Error('Not allowed by CORS'));
      }
  },
  methods: ['GET', 'POST', 'PUT', 'DELETE'], // Specify allowed HTTP methods
  allowedHeaders: ['Content-Type', 'Authorization'], // Specify allowed headers
  credentials: true, // Enable cookies and credentials sharing
};

app.use(cors(corsOptions));

// Connect to database
connectDB();

// Middleware
app.use(express.json());

// Routes
app.use('/api/user', userRoutes);
app.use('/api/auth', authRoutes);
app.use('/api/document', documentRoutes);

const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
  console.log(`Server running on port ${PORT}`);
});