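// Simulated user data (replace this with your user authentication).
// Plaintext passwords are for demonstration only: a real user store keeps a
// salted password hash (bcrypt, scrypt, Argon2) and verifies against that.
const users = [
  { id: 1, username: 'user1', password: 'pass1' },
  { id: 2, username: 'user2', password: 'pass2' },
]

/**
 * Login route.
 *
 * Reads `username` and `password` from the request body, looks the pair up in
 * `users`, and on success binds the user's id to a freshly issued session.
 * Responds 401 on any credential mismatch and 500 if the session cannot be
 * regenerated.
 *
 * NOTE(review): no throttling of failed attempts is visible in this listing;
 * confirm that rate limiting is applied elsewhere before exposing the route.
 */
app.post('/login', (req, res) => {
  // req.body is undefined when no body parser ran; treat that as bad
  // credentials instead of letting the destructuring throw.
  const { username, password } = req.body || {}

  // A JSON body can carry objects or arrays here. Rejecting non-strings up
  // front keeps that input away from whatever real lookup replaces `users`.
  if (typeof username !== 'string' || typeof password !== 'string') {
    return res.status(401).json({ message: 'Invalid credentials' })
  }

  // Simulated login logic (replace this with your actual authentication logic)
  const user = users.find(
    (candidate) => candidate.username === username && candidate.password === password
  )

  if (!user) {
    // Same response for unknown user and wrong password, so the reply does
    // not reveal which usernames exist.
    return res.status(401).json({ message: 'Invalid credentials' })
  }

  // Issue a new session ID at the moment of authentication so that an ID the
  // client held before logging in is never promoted to an authenticated one
  // (session fixation). Assumes express-session, whose destroy(callback) API
  // the logout route already relies on.
  req.session.regenerate((err) => {
    if (err) {
      console.error('Error regenerating session:', err)
      return res.status(500).json({ message: 'Error logging in' })
    }

    req.session.userId = user.id // Store user ID in the new session
    res.json({ message: 'Login successful', user: { id: user.id, username: user.username } })
  })
})

/**
 * Logout route.
 *
 * Destroys the server-side session and reports the outcome. The session
 * cookie held by the client is not cleared here; once the cookie name from the
 * session configuration is known, res.clearCookie() can be called on success.
 */
app.post('/logout', (req, res) => {
  req.session.destroy((err) => {
    if (err) {
      console.error('Error destroying session:', err)
      return res.status(500).json({ message: 'Error logging out' })
    }

    res.json({ message: 'Logged out successfully' })
  })
})

/**
 * Protected route (requires authentication).
 *
 * Returns the id stored in the session, or 401 when the session carries no
 * user id.
 */
app.get('/profile', (req, res) => {
  if (!req.session.userId) {
    return res.status(401).json({ message: 'Unauthorized' })
  }

  res.json({ message: 'Welcome to your profile', user: { id: req.session.userId } })
})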