require('dotenv').config();
const express = require('express');
const sql = require('mssql');
const cors = require('cors');

const app = express();
app.use(express.json());
app.use(cors());

const API_KEY = process.env.API_KEY;

const config = {
    user: process.env.DB_USERNAME_SQLSRVTEST,
    password: process.env.DB_PASSWORD_SQLSRVTEST,
    server: process.env.DB_HOST_SQLSRVTEST,
    port: parseInt(process.env.DB_PORT_SQLSRVTEST, 10),
    database: process.env.DB_DATABASE_SQLSRVTEST,
    options: {
        encrypt: false,
        trustServerCertificate: true
    }
};

// Middleware per verificare l'API Key
app.use((req, res, next) => {
    const apiKey = req.headers['x-api-key'];
    if (apiKey !== API_KEY) {
        return res.status(403).json({ error: 'Accesso negato' });
    }
    next();
});

// Endpoint per eseguire query
app.post('/query', async (req, res) => {
    try {
        console.log('Connect...')
        await sql.connect(config);
        console.log('query...', req.body.query)
        const result = await sql.query(req.body.query);
        if (result) {
            console.log('Risultato:', result.recordset);
            res.json(result.recordset);
        } else {
            res.json({});
        }
    } catch (err) {
        console.error('Error...', err.message)
        res.status(500).json({ error: err.message });
    } finally {
        sql.close();
    }
});

const PORT = process.env.SERVER_PORT || 3000;
app.listen(PORT, () => console.log(`Server in ascolto sulla porta ${PORT}`));