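const express = require('express');
const router = express.Router();
const { generateCallbackSignature, verifySignature } = require('../services/signature');
const { handleEvent } = require('../services/eventHandler');
const logger = require('../utils/logger');
const { BOT_SECRET } = require('../config');

/**
 * POST /webhook — entry point for platform callbacks.
 *
 * Two request kinds are handled:
 *   1. Callback-URL validation (`op === 13`): the bot signs `event_ts` and
 *      `plain_token` from the payload and returns `{ plain_token, signature }`.
 *   2. Ordinary events: the Ed25519 signature headers are checked against the
 *      raw request body before the event is passed to `handleEvent`.
 *
 * Responses: 400 for missing/invalid parameters, 401 for a failed signature
 * check, 500 when BOT_SECRET is not configured; otherwise `handleEvent` owns
 * the response.
 */
router.post('/webhook', (req, res) => {
  logger.info('收到 Webhook 请求');

  const signature = req.headers['x-signature-ed25519'];
  const timestamp = req.headers['x-signature-timestamp'];
  // rawBody is not populated by Express itself; it presumably comes from a
  // body-parser `verify` hook registered elsewhere — TODO confirm.
  const rawBody = req.rawBody;
  const body = req.body;

  // Callback-URL validation.
  // NOTE(review): this branch runs before the signature check below, so any
  // caller that can reach the endpoint can ask the bot to sign values it
  // chose. If the platform sends signature headers on validation requests,
  // verify them here as well; also confirm in ../services/signature that a
  // callback signature can never be accepted by verifySignature for an
  // ordinary event.
  if (body?.op === 13 && body.d) {
    const { plain_token, event_ts } = body.d;

    if (!BOT_SECRET) {
      logger.error('未配置 BOT_SECRET');
      return res.status(500).send('未配置 BOT_SECRET');
    }

    // Only sign well-formed scalar values: the payload is untrusted JSON, and
    // objects/arrays/empty values must not reach the signing routine.
    const isValidToken = typeof plain_token === 'string' && plain_token.length > 0;
    const isValidEventTs =
      (typeof event_ts === 'string' && event_ts.length > 0) ||
      (typeof event_ts === 'number' && Number.isFinite(event_ts));
    if (!isValidToken || !isValidEventTs) {
      logger.error('回调验证参数无效');
      return res.status(400).send('回调验证参数无效');
    }

    // Named distinctly so it does not shadow the request-header signature.
    const callbackSignature = generateCallbackSignature(event_ts, plain_token);
    logger.info('回调校验签名生成成功');
    return res.json({ plain_token, signature: callbackSignature });
  }

  // Signature check for ordinary events.
  if (!signature || !timestamp || !rawBody) {
    logger.error('缺少签名参数');
    return res.status(400).send('缺少签名参数');
  }

  // NOTE(review): no timestamp freshness window is enforced here; unless
  // verifySignature does it, a captured request can be replayed — TODO confirm.
  if (!verifySignature(timestamp, rawBody, signature)) {
    logger.error('签名校验失败');
    return res.status(401).send('签名校验失败');
  }

  logger.info('签名校验通过');
  // NOTE(review): the full event payload is written to the info log; it may
  // contain user content, so check log retention and access controls.
  logger.info('收到事件:', JSON.stringify(body, null, 2));

  // Event dispatch: handleEvent is responsible for sending the response.
  handleEvent(body, res);
});

module.exports = router;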