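// Minimal Express service that issues and verifies RS256 JSON Web Tokens.
// Expects the RSA key pair at ./keys/private.pem and ./keys/public.pem.
const express = require("express");
const fs = require("fs");
const { createSigner, createVerifier } = require("fast-jwt");

const app = express();
app.use(express.json());

// Load the PKCS#1 RSA key pair used for signing and verification.
const privateKey = fs.readFileSync("./keys/private.pem");
const publicKey = fs.readFileSync("./keys/public.pem");

// Signer: RS256 over the private key.
const signSync = createSigner({
  algorithm: "RS256",
  key: privateKey,
});

// Verifier: the accepted algorithm list is pinned to the one the signer uses.
// The choice of algorithm must be a server-side decision; it must never be
// driven by the `alg` value found in an incoming token header, which is
// controlled by whoever presents the token.
const verifySync = createVerifier({
  key: publicKey,
  algorithms: ["RS256"],
});

/**
 * Extract the bearer token from an Authorization header value.
 * @param {string | undefined} header - raw `Authorization` header
 * @returns {string | null} the token, or null when the header is missing or
 *   not of the form `Bearer <token>`
 */
function extractBearerToken(header) {
  if (typeof header !== "string") return null;
  const [scheme, token, ...rest] = header.trim().split(/\s+/);
  if (!token || rest.length > 0 || scheme.toLowerCase() !== "bearer") {
    return null;
  }
  return token;
}

// Issues a demo token for a non-admin user.
app.get("/generateToken", (req, res) => {
  const token = signSync({ admin: false, user: "cuong" });
  res.json({ token });
});

// Admin-only endpoint: requires a valid token whose `admin` claim is true.
app.get("/admin", (req, res) => {
  const token = extractBearerToken(req.headers.authorization);
  if (token === null) return res.status(401).send("Missing token");

  let payload;
  try {
    payload = verifySync(token);
  } catch (err) {
    // Signature, algorithm or claim failure; keep the reason out of the response.
    return res.status(401).send("Invalid Token");
  }

  // Strict comparison: only a boolean true grants access, not "true" or 1.
  if (payload.admin === true) {
    return res.json({
      status: 200,
      message: "Welcome Admin!",
      data: payload,
    });
  }
  return res.json({
    status: 403,
    message: "You are not admin",
    data: payload,
  });
});

app.listen(3000, () => {
  console.log("Server running at http://localhost:3000");
});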