package main

import (
	"log"
	"net/http"

	securityhandlers "synlotto-website/handlers/security"

	"synlotto-website/bootstrap"
	"synlotto-website/config"
	"synlotto-website/handlers"
	"synlotto-website/logging"
	"synlotto-website/middleware"
	"synlotto-website/models"
	"synlotto-website/routes"
	"synlotto-website/storage"
)

func main() {
	appState, err := bootstrap.LoadAppState("config/config.json")
	if err != nil {
		logging.Error("Failed to load app state: %v", err)
	}
	config.Init(appState.Config)
	logging.LogConfig(appState.Config)

	db := storage.InitDB("synlotto.db")
	models.SetDB(db) // Should be in storage not models.

	err = bootstrap.InitSession(appState.Config)
	if err != nil {
		logging.Error("❌ Failed to init session: %v", err)
	}

	err = securityhandlers.InitCSRFProtection([]byte(appState.Config.CSRF.CSRFKey), appState.Config.HttpServer.ProductionMode)
	if err != nil {
		logging.Error("Failed to init CSRF: %v", err)
	}

	mux := http.NewServeMux()
	routes.SetupAdminRoutes(mux, db)
	routes.SetupAccountRoutes(mux, db)
	routes.SetupResultRoutes(mux, db)
	routes.SetupSyndicateRoutes(mux, db)

	mux.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("static"))))
	mux.HandleFunc("/", handlers.Home(db))

	wrapped := securityhandlers.CSRFMiddleware(mux)
	wrapped = middleware.RateLimit(wrapped)
	wrapped = middleware.EnforceHTTPS(wrapped, appState.Config.HttpServer.ProductionMode)
	wrapped = middleware.SecureHeaders(wrapped)
	wrapped = middleware.Recover(wrapped)

	log.Println("🌐 Running on http://localhost:8080")
	http.ListenAndServe(":8080", wrapped)
}