local cjson = require "cjson"

local password_path = "password.txt"

ngx.req.read_body()
local body = ngx.req.get_body_data()

if not body then
    ngx.status = ngx.HTTP_BAD_REQUEST
    ngx.say("No body found")
    return
end

local ok, json_data = pcall(cjson.decode, body)
if not ok then
    ngx.status = ngx.HTTP_BAD_REQUEST
    ngx.say("Invalid JSON")
    return
end

local user_account = json_data.account
local user_password = json_data.password

local reply = {}

local file = io.open(password_path, "r")
if not file then
    ngx.log(ngx.INFO, "无法打开文件: ", password_path)
    reply.status = -1000
    reply.message = "服务器错误,找不到 " .. password_path;
    ngx.say(cjson.encode(reply))
    return
end

local credentials = {}
for line in file:lines() do
    local account, password = line:match("([^=]+)=([^=]+)")
    if account and password then
        credentials[account] = password
    end
end
file:close()

local session = require "resty.session".start()

if credentials[user_account] == user_password then
    reply.status = 0
    reply.message = "登录成功"
    session:set("account", user_account)
    session:set("authenticated", true)
    session:save()
else
    reply.status = -100
    reply.message = "登录失败"
end

ngx.say(cjson.encode(reply))