const express = require('express');
const router = express.Router();
const bcrypt = require('bcryptjs');
const User = require('../models/User');

router.post('/register', async (req, res) => {
  const { username, password } = req.body;
  const hash = await bcrypt.hash(password, 10);
  try {
    const newUser = new User({ username, password: hash });
    await newUser.save();
    res.status(201).json({ success: true, message: 'User created' });
  } catch (err) {
    res.status(400).json({ success: false, message: 'User exists or error' });
  }
});


router.post('/login', async (req, res) => {
  const { username, password } = req.body;
  const user = await User.findOne({ username });
  if (!user) return res.status(400).json({ success: false, message: 'Invalid credentials' });

  const isMatch = await bcrypt.compare(password, user.password);
  if (!isMatch) return res.status(400).json({ success: false, message: 'Invalid credentials' });

  res.json({ success: true, message: 'Login successful' });
});

module.exports = router;