import { Router } from 'express';
import { env } from '../config/env.js';
import {
  clearOwnerCookie,
  isOwnerAuthenticated,
  setOwnerCookie,
  verifyOwnerSecret,
} from '../lib/ownerAuth.js';

const router = Router();

router.get('/api/auth/owner/status', (req, res) => {
  res.json({
    authenticated: isOwnerAuthenticated(req),
    required: !!env.ownerSecret,
  });
});

router.post('/api/auth/owner', (req, res) => {
  if (!env.ownerSecret) {
    res.status(503).json({ ok: false, reason: 'owner_auth_not_configured' });
    return;
  }
  const { secret } = (req.body || {}) as { secret?: unknown };
  if (!verifyOwnerSecret(secret)) {
    res.status(401).json({ ok: false, reason: 'invalid_secret' });
    return;
  }
  setOwnerCookie(res);
  res.json({ ok: true });
});

router.post('/api/auth/owner/logout', (_req, res) => {
  clearOwnerCookie(res);
  res.json({ ok: true });
});

export default router;