package main

import (
	"log"
	"os"

	"github.com/labstack/echo/v4"
	"github.com/labstack/echo/v4/middleware"
	"github.com/tas/horchposten/db"
	"github.com/tas/horchposten/handlers"
)

func main() {
	dbPath := "analytics.db"
	if p := os.Getenv("DB_PATH"); p != "" {
		dbPath = p
	}

	addr := ":8080"
	if a := os.Getenv("ADDR"); a != "" {
		addr = a
	}

	apiKey := os.Getenv("API_KEY")
	if apiKey == "" {
		log.Fatal("API_KEY environment variable is required")
	}

	database, err := db.New(dbPath)
	if err != nil {
		log.Fatal(err)
	}
	defer database.Close()

	e := echo.New()

	// Middleware.
	e.Use(middleware.Logger())
	e.Use(middleware.Recover())
	e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
		AllowOrigins: []string{"*"},
		AllowMethods: []string{echo.GET, echo.POST, echo.OPTIONS},
		AllowHeaders: []string{echo.HeaderContentType, "X-API-Key"},
	}))

	// Routes — all analytics endpoints require API key.
	api := e.Group("/api/analytics", handlers.APIKeyAuth(apiKey))
	api.POST("/session/start/", handlers.SessionStart(database))
	api.POST("/session/:session_id/end/", handlers.SessionEnd(database))
	api.GET("/leaderboard/", handlers.Leaderboard(database))
	api.GET("/player/:client_id/", handlers.PlayerStats(database))

	// Admin UI — browser-friendly auth via ?key= query param or X-API-Key header.
	admin := e.Group("/admin", handlers.AdminAuth(apiKey))
	admin.GET("/", handlers.AdminDashboard(database))
	admin.GET("/tables/:name/", handlers.AdminTable(database))
	admin.GET("/tables/:name/:pk/", handlers.AdminRow(database))

	log.Printf("starting server on %s", addr)
	e.Logger.Fatal(e.Start(addr))
}