import express from 'express';
import cookieParser from 'cookie-parser';
import cors from 'cors';
import helmet from 'helmet';
import rateLimit from 'express-rate-limit';
import dotenv from 'dotenv';

// Load variables from a .env file into process.env.
// NOTE(review): with a CommonJS build this call runs before the route modules below
// are loaded. Under native ESM every import is evaluated first, so a route module that
// reads process.env at import time (secrets, origins) would see it unset. Confirm the
// module target, or make `import 'dotenv/config'` the first import instead.
dotenv.config();

import authRoutes from './routes/auth';
import billingRoutes from './routes/billing';
import userRoutes from './routes/user';
import demoRoutes from './routes/demo';
import adminRoutes from './routes/admin';
import pageviewsRoutes from './routes/pageviews';
// import { startBot } from './services/telegram'; // Disabled: OpenClaw handles the bot

const app = express();
// Trust exactly one reverse-proxy hop when deriving req.ip from X-Forwarded-For.
// NOTE(review): the rate limiters below set no keyGenerator and therefore key on
// req.ip, so this value has to match the real number of proxies in front of the app.
// Too high lets a client pick its own address via X-Forwarded-For; too low makes every
// client share the proxy's address. Confirm against the deployment.
app.set('trust proxy', 1);
// Listening port; falls back to 3003 when PORT is unset or empty.
const PORT = process.env.PORT || 3003;

// Security headers: helmet's default header set, applied to every response
app.use(helmet());

// CORS: allow a single origin (CORS_ORIGIN, or the production site when it is unset).
// credentials: true lets the browser attach cookies to cross-origin requests from
// that origin, so the value must stay an exact origin and never become a wildcard.
// NOTE(review): CORS only decides which origins may read responses. Cookie-authenticated,
// state-changing routes still need SameSite cookies or a CSRF token; the cookie
// attributes are set outside this file, so confirm them in the auth routes.
app.use(cors({
  origin: process.env.CORS_ORIGIN || 'https://sportsclaw.guru',
  credentials: true,
}));

// Raw body for Stripe webhooks.
// Registered before express.json() so the webhook path receives the unparsed bytes
// of application/json bodies; the order of these two lines must not be swapped.
// NOTE(review): the raw bytes are presumably needed for webhook signature
// verification. That check is not in this file; confirm the billing router rejects
// any webhook request whose signature does not verify.
app.use('/api/billing/webhook', express.raw({ type: 'application/json' }));

// JSON body for everything else (1MB limit to prevent DoS)
app.use(express.json({ limit: '1mb' }));
// Parse the Cookie header into req.cookies for the routers registered below
app.use(cookieParser());

// Rate limiters
// None of them sets a keyGenerator, so each budget is counted per client address
// (req.ip) by the library default, not per account.
const MINUTE_MS = 60 * 1000;

// Header behaviour shared by every limiter: send the standard RateLimit-* response
// headers and suppress the legacy X-RateLimit-* ones.
const sharedLimiterOptions = { standardHeaders: true, legacyHeaders: false };

// Login: 5 requests per 15 minutes
const loginLimiter = rateLimit({
  ...sharedLimiterOptions,
  windowMs: 15 * MINUTE_MS,
  max: 5,
  message: { error: 'Too many login attempts, please try again later' },
});

// Signup: 3 requests per hour
const signupLimiter = rateLimit({
  ...sharedLimiterOptions,
  windowMs: 60 * MINUTE_MS,
  max: 3,
  message: { error: 'Too many signup attempts, please try again later' },
});

// General limiter for the user endpoints: 30 requests per minute.
// It is keyed by client address like the others, so users behind one shared address
// share this budget and one user on several addresses gets several budgets.
const apiLimiter = rateLimit({
  ...sharedLimiterOptions,
  windowMs: MINUTE_MS,
  max: 30,
  message: { error: 'Too many requests, please try again later' },
});

// Billing limiter (prevent checkout spam): 5 requests per minute
const billingLimiter = rateLimit({
  ...sharedLimiterOptions,
  windowMs: MINUTE_MS,
  max: 5,
  message: { error: 'Too many billing requests, please try again later' },
});

// Attach the limiters before the routers so an over-limit request is answered
// before any route code runs. Within /api/auth only the login and signup paths are
// limited, and /api/demo, /api/admin and /api/pageviews get no limiter in this file.
// NOTE(review): loginLimiter counts every request to the path, successful or not, and
// is keyed by client address. It slows guessing from one address but does not cap
// attempts against a single account from many addresses; confirm whether the auth
// routes add a per-account lockout or delay.
app.use('/api/auth/login', loginLimiter);
app.use('/api/auth/signup', signupLimiter);
app.use('/api/user', apiLimiter);
// NOTE(review): this prefix also matches /api/billing/webhook, so provider webhook
// deliveries share the 5-per-minute budget with checkout traffic from the same
// address. Confirm legitimate webhook bursts are not being answered with 429.
app.use('/api/billing', billingLimiter);

// Routes
// Each router is mounted with only the global middleware above; no authentication
// or authorization middleware is attached at this level.
// NOTE(review): access control for /api/user, /api/billing and especially /api/admin
// therefore has to be enforced inside the routers themselves; confirm every admin
// handler checks both the session and the caller's role.
app.use('/api/auth', authRoutes);
app.use('/api/billing', billingRoutes);
app.use('/api/user', userRoutes);
app.use('/api/demo', demoRoutes);
app.use('/api/admin', adminRoutes);
app.use('/api/pageviews', pageviewsRoutes);

// Health check: liveness probe with no auth or rate limiting attached in this file.
// The payload is static, so it reveals nothing beyond the service name.
app.get('/health', (_req, res) => {
  const payload = { status: 'ok', service: 'sportsclaw-api' };
  res.json(payload);
});

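// Error handler
// Registered after every router so it receives errors passed to next(err) or thrown
// by earlier middleware. Express recognises it as an error handler by its four
// parameters, so `req` and `next` stay in the signature.
//
// Responses never echo the error itself: clients get a fixed message, details go to
// the server log only.
app.use((err: unknown, req: express.Request, res: express.Response, next: express.NextFunction) => {
  // Part of the response is already on the wire, so a second status/body cannot be
  // sent. Hand over to Express's default handler, which closes the connection.
  if (res.headersSent) {
    console.error('Error:', err);
    next(err);
    return;
  }

  // Errors raised by the body parsers (malformed JSON, body over the size limit)
  // carry a 4xx status. Report those as client errors instead of a 500, so that
  // bad input is not mistaken for a server fault in clients and monitoring.
  const details = typeof err === 'object' && err !== null
    ? (err as { status?: unknown; statusCode?: unknown })
    : {};
  const status = details.status ?? details.statusCode;

  if (typeof status === 'number' && Number.isInteger(status) && status >= 400 && status < 500) {
    // Log only the status: a parser error may carry the rejected request body, which
    // for auth routes can contain credentials.
    console.error('Error: request rejected with status', status);
    res.status(status).json({ error: 'Invalid request' });
    return;
  }

  console.error('Error:', err);
  res.status(500).json({ error: 'Internal server error' });
});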

// Start server
// No host argument is given, so the listener uses Node's default bind address.
app.listen(PORT, () => {
  const startupLines = [
    `🦞 SportsClaw API running on port ${PORT}`,
    // Telegram bot handled by OpenClaw gateway (not this Express server)
    '📡 Telegram bot managed by OpenClaw gateway',
  ];

  for (const line of startupLines) {
    console.log(line);
  }
});
