backend/server.js

require('dotenv').config();
const express = require('express');
const session = require('express-session');
const MongoStore = require('connect-mongo');
const cors = require('cors');
const passport = require('./config/passport');
const connectDB = require('./config/database');
const authRoutes = require('./routes/auth');
const roomRoutes = require('./routes/room');

const app = express();
const http = require('http').createServer(app);

// 1. Trust Proxy (Required for Hugging Face HTTPS)
app.set('trust proxy', 1);

// Define allowed origins
const allowedOrigins = [
  process.env.FRONTEND_URL,              // https://popcorn-ping.vercel.app
  "https://popcorn-ping.vercel.app",
  "http://localhost:3000"
].filter(Boolean);

// 2. Middleware
app.use(cors({
  origin: allowedOrigins,
  credentials: true,
}));
app.use(express.json());
app.use(express.urlencoded({ extended: true }));

// Debug Middleware: Log every request to see what's hitting the server
app.use((req, res, next) => {
  console.log(`[REQUEST] ${req.method} ${req.path}`);
  next();
});

// 3. Session Configuration
app.use(session({
  secret: process.env.SESSION_SECRET || 'fallback_secret',
  resave: false,
  saveUninitialized: false,
  store: MongoStore.create({
    mongoUrl: process.env.MONGODB_URI,
    mongoOptions: { serverSelectionTimeoutMS: 5000 }
  }),
  cookie: {
    maxAge: 1000 * 60 * 60 * 24 * 7, // 1 week
    httpOnly: true,
    secure: true, // MUST be true for Hugging Face
    sameSite: 'none' // MUST be 'none' for Google redirect
  },
}));

// 4. Passport Middleware
app.use(passport.initialize());
app.use(passport.session());

// 5. Basic Routes
app.get('/', (req, res) => {
  res.status(200).send(`<h1>🍿 PopcornPing Backend is Live!</h1><p>Running on: ${process.env.BACKEND_URL}</p>`);
});

app.get('/health', (req, res) => res.status(200).json({ status: 'OK' }));
app.get('/api/health', (req, res) => res.status(200).json({ status: 'OK' }));

// 6. API Routes
// Mount Auth Routes at /api/auth
// This matches: /api/auth/google/callback
console.log('Mounting Auth Routes at /api/auth');
app.use('/api/auth', authRoutes);

// Mount Room Routes at /api/rooms
console.log('Mounting Room Routes at /api/rooms');
app.use('/api/rooms', roomRoutes);

// 7. Socket Logic (Your existing logic)
const io = require('socket.io')(http, {
  cors: { origin: allowedOrigins, methods: ["GET", "POST"], credentials: true },
});
const rooms = {};
io.on('connection', (socket) => {
  /* ... Your socket logic (unchanged) ... */
  socket.on('disconnect', () => {}); // Shortened for brevity
});

// 8. 404 Handler (MUST BE LAST)
// Only catch requests that didn't match any route above
app.use('/api/*', (req, res) => {
  console.error(`[404] Route not found: ${req.method} ${req.originalUrl}`);
  res.status(404).json({ message: `API endpoint not found: ${req.originalUrl}` });
});

// 9. Global Error Handler
app.use((err, req, res, next) => {
  console.error('SERVER ERROR:', err.stack);
  res.status(500).json({ message: 'Something went wrong!', error: err.message });
});

// 10. Start Server
const PORT = process.env.PORT || 7860;
connectDB().then(() => {
  http.listen(PORT, '0.0.0.0', () => {
    console.log(`🚀 Backend running on port ${PORT}`);
    console.log(`🔗 Backend URL: ${process.env.BACKEND_URL}`);
  });
}).catch(err => {
  console.error('FATAL: MongoDB Connection Failed', err);
  process.exit(1);
});