const express = require('express');
const cors = require('cors');
const helmet = require('helmet');
// const db = require('./db'); // Commented out for testing
const authRoutes = require('./routes/auth');
const rolesRoutes = require('./routes/roles');
const auditLogger = require('./middleware/auditLogger');

const app = express();

// Middleware
app.use(helmet());
app.use(cors());
app.use(express.json());
app.use(auditLogger);

// Routes
app.use('/auth', authRoutes);
app.use('/api/users', rolesRoutes);

// Health check endpoint
app.get('/health', (req, res) => {
  res.json({ status: 'OK', timestamp: new Date().toISOString() });
});

// Error handling middleware
app.use((err, req, res, next) => {
  console.error(err.stack);
  res.status(500).json({ error: 'Something went wrong!' });
});

// 404 handler
app.use('*', (req, res) => {
  res.status(404).json({ error: 'Route not found' });
});

module.exports = app;