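import { API_VERSION } from '@fan-passport/shared';
import cors from 'cors';
import express from 'express';
import helmet from 'helmet';
import morgan from 'morgan';
import { errorHandler, notFoundHandler } from './errors.js';
import { createRoutes } from './routes.js';
import { DemoStore } from './store.js';

/**
 * Build the CORS allow-list from the CORS_ORIGIN environment variable.
 *
 * CORS_ORIGIN is read as a comma-separated list; each entry is trimmed and
 * empty entries are dropped. When the variable is unset, two local
 * development origins are used instead.
 *
 * Entries are later compared with `Set.has`, i.e. by exact string equality
 * against the request's Origin header. An entry therefore has to be written
 * exactly as the browser sends it (scheme://host[:port], no path, no trailing
 * slash), and `*` is NOT treated as a wildcard here.
 *
 * Because `??` only falls back on null/undefined, CORS_ORIGIN="" produces an
 * empty set, so no cross-origin caller is allowed (fail closed).
 *
 * @returns the set of origins that may make cross-origin requests
 */
function allowedCorsOrigins(): Set<string> {
  const configured =
    process.env.CORS_ORIGIN ?? 'http://localhost:5173,http://127.0.0.1:5173';

  const entries = configured
    .split(',')
    .map((origin) => origin.trim())
    .filter(Boolean);

  return new Set(entries);
}

/**
 * Create and configure the Express application.
 *
 * Middleware order: security headers (helmet), CORS, JSON body parsing,
 * request logging, the health endpoint, the /api routes, then the 404 and
 * error handlers.
 *
 * @param store backing store handed to the route factory; defaults to a new
 *   DemoStore
 * @returns the configured Express app (not yet listening)
 */
export function createApp(store = new DemoStore()) {
  const app = express();
  // The allow-list is computed once per app; later changes to CORS_ORIGIN are
  // not picked up by an already-created app.
  const origins = allowedCorsOrigins();

  app.disable('x-powered-by');
  app.use(helmet());

  app.use(
    cors({
      origin(origin, callback) {
        // Requests with no Origin header (same-origin navigation, curl,
        // server-to-server calls) are let through. CORS is enforced by the
        // browser and is not an access control for non-browser clients, so
        // the routes still need their own authentication/authorization.
        //
        // For an origin outside the allow-list the callback answers `false`,
        // which makes the cors middleware leave out the CORS response
        // headers. The request itself still reaches the handlers below.
        callback(null, !origin || origins.has(origin));
      }
    })
  );

  // Cap JSON request bodies at 1 MB.
  app.use(express.json({ limit: '1mb' }));

  // Request logging is skipped when NODE_ENV is "test".
  app.use(
    morgan('dev', {
      skip: () => process.env.NODE_ENV === 'test'
    })
  );

  // NOTE(review): no authentication middleware is registered before this
  // route in this function, so the API version and process uptime are
  // readable by any caller that can reach the service. Confirm that is
  // intended for the deployment.
  app.get('/api/health', (_req, res) => {
    res.json({
      ok: true,
      version: API_VERSION,
      uptime: process.uptime()
    });
  });

  app.use('/api', createRoutes(store));

  // Registered last so they only see requests nothing above handled.
  app.use(notFoundHandler);
  app.use(errorHandler);

  return app;
}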