import Fastify from 'fastify';
import cors from '@fastify/cors';
import helmet from '@fastify/helmet';
import rateLimit from '@fastify/rate-limit';
import pino from 'pino';
import { config } from './config/index.js';
import { getPoolForAuth } from './data/db.js';
import { authHook, decorateAuth, registerAuthRoutes, registerProtectedAuthRoutes } from './auth/middleware.js';
import { registerRunbookRoutes } from './api/runbooks.js';
import { registerApprovalRoutes } from './api/approvals.js';
import { registerSlackRoutes } from './slackbot/handler.js';

const logger = pino({ name: 'dd0c-run', level: config.LOG_LEVEL });

const app = Fastify({ logger: true });

await app.register(cors, { origin: config.CORS_ORIGIN });
await app.register(helmet);
await app.register(rateLimit, { max: 100, timeWindow: '1 minute' });

const pool = getPoolForAuth();
decorateAuth(app);

// Public routes (no auth)
app.get('/health', async () => ({ status: 'ok', service: 'dd0c-run' }));
app.get('/version', async () => ({ version: process.env.BUILD_SHA || 'dev', built: process.env.BUILD_TIME || 'unknown' }));
registerSlackRoutes(app);

// Auth routes (public - login/signup)
registerAuthRoutes(app, config.JWT_SECRET, pool);

// Protected routes (auth required)
app.register(async function protectedRoutes(protectedApp) {
  protectedApp.addHook('onRequest', authHook(config.JWT_SECRET, pool));
  registerProtectedAuthRoutes(protectedApp, config.JWT_SECRET, pool);
  registerRunbookRoutes(protectedApp);
  registerApprovalRoutes(protectedApp);
});

try {
  await app.listen({ port: config.PORT, host: '0.0.0.0' });
  logger.info({ port: config.PORT }, 'dd0c/run SaaS started');
} catch (err) {
  logger.fatal(err, 'Failed to start');
  process.exit(1);
}