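import express from "express";
import cors from "cors";
import cookieParser from "cookie-parser";
import path from "path";
import { fileURLToPath } from "url";
import { createSimulatorRouter } from "./modules/1-intake/routes/simulator.js";
import { createEvolutionRouter } from "./modules/1-intake/routes/evolution.js";
import { createWooWebhooksRouter } from "./modules/2-identity/routes/wooWebhooks.js";
import { createAuthRouter } from "./modules/auth/controllers/authRoutes.js";
import { createSystemUsersRouter } from "./modules/auth/controllers/usersRoutes.js";
import { createAuditLogRouter } from "./modules/auth/controllers/auditRoutes.js";
import { requireAuth } from "./modules/auth/middleware/requireAuth.js";
import { auditWriter } from "./modules/auth/middleware/auditWriter.js";

/**
 * Build the Express application: public routes (webhooks, auth endpoints,
 * login page, static assets, SPA shell) first, then the authenticated and
 * audited admin data API.
 *
 * Mount order is the access-control boundary here: everything registered
 * before `requireAuth` is reachable without a session, everything after it
 * is not. New data routers must be added below `requireAuth`.
 *
 * @param {object} options
 * @param {*} options.tenantId - Forwarded to the simulator router.
 * @param {string[]} [options.allowedOrigins=[]] - Exact origins (scheme +
 *   host + port) allowed to make credentialed cross-origin requests. When
 *   empty, no CORS headers are emitted; the SPA served by this same app is
 *   same-origin and does not need them.
 * @returns {import("express").Express} The configured application.
 */
export function createApp({ tenantId, allowedOrigins = [] }) {
  const app = express();

  // NOTE(review): `true` trusts every X-Forwarded-* hop, so req.ip is
  // client-controlled unless a fronting proxy overwrites those headers.
  // If any IP-based logging or limiting exists downstream, prefer a hop
  // count or the proxy's address/subnet here — confirm the deployment.
  app.set("trust proxy", true);

  // Reflecting any Origin together with `credentials: true` would let any
  // website call the cookie-authenticated API from a victim's browser and
  // read the responses. Only explicitly listed origins get CORS headers.
  const corsOrigin =
    Array.isArray(allowedOrigins) && allowedOrigins.length > 0
      ? allowedOrigins
      : false;
  app.use(cors({ origin: corsOrigin, credentials: true }));

  app.use(express.json({ limit: "1mb" }));
  app.use(cookieParser());

  const moduleDir = path.dirname(fileURLToPath(import.meta.url));
  const publicDir = path.join(moduleDir, "..", "public");
  const indexHtml = path.join(publicDir, "index.html");

  // Serves the SPA shell; the shell itself carries no data.
  const sendSpaShell = (req, res) => {
    res.sendFile(indexHtml);
  };

  // External webhooks (Evolution, Woo) carry no session auth and are not
  // recorded in the operator audit log: they are mounted before requireAuth.
  // NOTE(review): request authenticity (signature / shared secret) must be
  // enforced inside these routers — not visible from here, confirm.
  app.use(createEvolutionRouter());
  app.use(createWooWebhooksRouter());

  // Auth endpoints (login/logout/me) also go before requireAuth.
  app.use(createAuthRouter());

  // Login HTML (no auth).
  app.get("/login", (req, res) => {
    res.sendFile(path.join(publicDir, "login.html"));
  });

  // Static assets — NO auth (shell assets, login, fonts, etc.).
  // Anything placed under public/ is world-readable.
  app.use(express.static(publicDir));

  // SPA shell HTML — no auth on the HTML; the client JS gates on
  // /api/auth/me. That gate is UX only: the enforcement point is
  // requireAuth on the data API below.
  app.get("/", sendSpaShell);

  const spaRoutes = [
    "/home",
    "/chat",
    "/conversaciones",
    "/usuarios",
    "/productos",
    "/equivalencias",
    "/crosssell",
    "/cantidades",
    "/pedidos",
    "/config-prompts",
    "/atencion-humana",
    "/configuracion",
    "/operadores",
    "/actividad",
  ];
  const spaDetailRoutes = [
    "/usuarios/:id",
    "/productos/:id",
    "/crosssell/:id",
    "/pedidos/:id",
  ];
  app.get([...spaRoutes, ...spaDetailRoutes], sendSpaShell);

  // All admin routes (data API) require login and are audited.
  app.use(requireAuth);
  app.use(auditWriter);
  app.use(createSimulatorRouter({ tenantId }));
  app.use(createSystemUsersRouter());
  app.use(createAuditLogRouter());

  return app;
}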