const express = require('express');
const mysql = require('mysql2');
const cors = require('cors');
const helmet = require('helmet');
const app = express();

// 1. Security Headers (Fixes the CSP error)
app.use(helmet({
    contentSecurityPolicy: false, // Easiest for local development
}));

// 2. Allow Angular to connect
app.use(cors());
app.use(express.json());

// 3. MySQL Connection Pool
const pool = mysql.createPool({
  host: 'localhost',
  user: 'root',
  password: '123456', // Ensure this matches your MySQL password
  database: 'todo_db'
}).promise();

// 4. Root Route (Fixes the GET / 404)
app.get('/', (req, res) => {
    res.send("Todo Backend is Online");
});

// 5. Silences the Chrome DevTools error
app.get('/favicon.ico', (req, res) => res.status(204).end());

// 6. API Routes
app.get('/api/todos', async (req, res) => {
  try {
    const [rows] = await pool.query('SELECT * FROM todos');
    res.json(rows);
  } catch (err) {
    res.status(500).json({ error: err.message });
  }
});

// POST: Add a new todo
app.post('/api/todos', async (req, res) => {
    console.log("Received Add Request:", req.body);
    const { title, desc, active } = req.body;
    const sno = Date.now(); // Unique ID for MySQL BIGINT

    try {
        await pool.query(
            'INSERT INTO todos (sno, title, `desc`, active) VALUES (?, ?, ?, ?)',
            [sno, title, desc, active ? 1 : 0]
        );
        res.status(201).json({ sno, title, desc, active });
    } catch (err) {
        console.error("MySQL Insert Error:", err);
        res.status(500).json({ error: err.message });
    }
});

// PUT: Update todo status (Toggle)
app.put('/api/todos/:sno', async (req, res) => {
    const { sno } = req.params;
    const { active } = req.body;
    try {
        await pool.query('UPDATE todos SET active = ? WHERE sno = ?', [active ? 1 : 0, sno]);
        res.json({ message: "Status updated" });
    } catch (err) {
        res.status(500).json({ error: err.message });
    }
});

// DELETE: Remove a todo
app.delete('/api/todos/:sno', async (req, res) => {
    const { sno } = req.params;
    try {
        await pool.query('DELETE FROM todos WHERE sno = ?', [sno]);
        res.json({ message: "Todo deleted" });
    } catch (err) {
        res.status(500).json({ error: err.message });
    }
});

app.listen(3000, () => {
    console.log('-----------------------------------------');
    console.log('Server running on http://localhost:3000');
    console.log('MySQL Connected & CSP Errors Resolved');
    console.log('-----------------------------------------');
});