const form = document.getElementById("login-form");
const messageEl = document.getElementById("form-message");

function getSiteKey() {
  const params = new URLSearchParams(window.location.search);
  const urlKey = params.get("siteKey");
  if (urlKey) return urlKey.trim();
  const meta = document.querySelector('meta[name="site-key"]');
  if (meta && meta.content) return meta.content.trim();
  return window.location.hostname || "unknown";
}

function getRedirectUrl() {
  const params = new URLSearchParams(window.location.search);
  return params.get("redirect") || "/";
}

function setMessage(text, type) {
  messageEl.textContent = text;
  messageEl.classList.remove("form__message--error", "form__message--success");
  if (type === "error") messageEl.classList.add("form__message--error");
  if (type === "success") messageEl.classList.add("form__message--success");
}

form.addEventListener("submit", async (event) => {
  event.preventDefault();
  const formData = new FormData(form);
  const login = String(formData.get("login") || "").trim();
  const password = String(formData.get("password") || "");
  const siteKey = getSiteKey();

  if (!login || !password) {
    setMessage("Введите логин и пароль.", "error");
    return;
  }

  setMessage("Проверяем данные...", "");
  const submitButton = form.querySelector("button[type='submit']");
  submitButton.disabled = true;

  try {
    const response = await fetch("./api/login.php", {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ login, password, siteKey }),
    });
    const data = await response.json().catch(() => ({}));

    if (!response.ok) {
      setMessage(data?.message || "Ошибка входа.", "error");
      return;
    }

    setMessage("Доступ разрешен.", "success");
    const redirect = getRedirectUrl();
    setTimeout(() => {
      window.location.href = redirect;
    }, 400);
  } catch (error) {
    setMessage("Сеть недоступна.", "error");
  } finally {
    submitButton.disabled = false;
  }
});