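const db = require("../db");
const { createUser, getAllUsers } = require("../services/admin.service");
const bcrypt = require("bcrypt");

// NOTE(review): none of the handlers in this file checks that the caller is an
// administrator; presumably the router mounts them behind an admin-only
// middleware. Confirm before exposing these routes.

// Roles that changeUserRole is allowed to assign.
const ASSIGNABLE_ROLES = ["arzt", "mitarbeiter"];

// Minimum password length accepted by resetUserPassword.
// NOTE(review): 4 characters is a weak policy for an account credential;
// kept as-is to preserve behaviour, but consider raising it.
const MIN_PASSWORD_LENGTH = 4;

// bcrypt cost factor used when hashing a reset password.
const BCRYPT_ROUNDS = 10;

const USER_LIST_PATH = "/admin/users";

/**
 * Stores a flash message on the session and redirects to the user list.
 *
 * @param {object} req - Express request (needs `req.session`).
 * @param {object} res - Express response.
 * @param {string} type - Flash category ("success", "warning", "danger").
 * @param {string} message - Text shown to the admin.
 */
function redirectWithFlash(req, res, type, message) {
  req.session.flash = { type, message };
  return res.redirect(USER_LIST_PATH);
}

/**
 * Renders the admin user list.
 *
 * Loads all users through the admin service and passes them to the
 * "admin_users" view together with the logged-in session user.
 */
async function listUsers(req, res) {
  try {
    const users = await getAllUsers(db);
    res.render("admin_users", { users, currentUser: req.session.user });
  } catch (err) {
    console.error(err);
    // Report the failure with an error status instead of a 200 response,
    // and keep the message generic so no database detail reaches the client.
    res.status(500).send("Datenbankfehler");
  }
}

/**
 * Renders the empty "create user" form.
 */
function showCreateUser(req, res) {
  res.render("admin_create_user", { error: null, user: req.session.user });
}

/**
 * Handles submission of the "create user" form.
 *
 * All three fields must be present and must be strings; a missing or
 * non-string field (for example an array produced by the body parser)
 * re-renders the form with a validation message instead of throwing.
 */
async function postCreateUser(req, res) {
  const body = req.body || {};
  const { password, role } = body;
  // The original called .trim() before validating, which threw a TypeError
  // (and left the request hanging) when `username` was absent.
  const username = typeof body.username === "string" ? body.username.trim() : "";

  const hasAllFields =
    username !== "" &&
    typeof password === "string" &&
    password !== "" &&
    typeof role === "string" &&
    role !== "";

  if (!hasAllFields) {
    return res.render("admin_create_user", {
      error: "Alle Felder sind Pflichtfelder",
      user: req.session.user
    });
  }

  // NOTE(review): `role` is not checked against an allowlist here, unlike in
  // changeUserRole, and the password is handed over in plaintext; presumably
  // createUser validates the role and hashes the password. Verify in
  // admin.service.
  try {
    await createUser(db, username, password, role);
    redirectWithFlash(req, res, "success", "Benutzer erfolgreich angelegt");
  } catch (error) {
    console.error(error);
    // NOTE(review): the rejection value is passed to the view unchanged;
    // confirm createUser only rejects with messages that are safe to display.
    res.render("admin_create_user", { error, user: req.session.user });
  }
}

/**
 * Changes the role of the user identified by the `:id` route parameter.
 *
 * Only roles listed in ASSIGNABLE_ROLES are accepted; anything else results
 * in a "danger" flash message and no database write.
 */
async function changeUserRole(req, res) {
  const userId = req.params.id;
  const { role } = req.body || {};

  if (!ASSIGNABLE_ROLES.includes(role)) {
    return redirectWithFlash(req, res, "danger", "Ungültige Rolle");
  }

  // Values are bound as parameters, never concatenated into the statement.
  db.query("UPDATE users SET role = ? WHERE id = ?", [role, userId], err => {
    if (err) {
      console.error(err);
      redirectWithFlash(req, res, "danger", "Fehler beim Ändern der Rolle");
      return;
    }
    redirectWithFlash(req, res, "success", "Rolle erfolgreich geändert");
  });
}

/**
 * Sets a new password for the user identified by the `:id` route parameter.
 *
 * The password must be a string of at least MIN_PASSWORD_LENGTH characters.
 * It is hashed with bcrypt before being written; the plaintext is never
 * stored or logged here.
 */
async function resetUserPassword(req, res) {
  const userId = req.params.id;
  const { password } = req.body || {};

  // The type check matters: a body parser can turn repeated fields into an
  // array, which has a `.length` too and would make bcrypt.hash reject.
  if (typeof password !== "string" || password.length < MIN_PASSWORD_LENGTH) {
    return redirectWithFlash(req, res, "warning", "Passwort zu kurz");
  }

  let hash;
  try {
    hash = await bcrypt.hash(password, BCRYPT_ROUNDS);
  } catch (err) {
    // Without this guard a hashing failure became an unhandled rejection
    // and the request never received a response.
    console.error(err);
    return redirectWithFlash(req, res, "danger", "Fehler beim Zurücksetzen");
  }

  db.query("UPDATE users SET password = ? WHERE id = ?", [hash, userId], err => {
    if (err) {
      console.error(err);
      redirectWithFlash(req, res, "danger", "Fehler beim Zurücksetzen");
      return;
    }
    redirectWithFlash(req, res, "success", "Passwort zurückgesetzt");
  });
}

module.exports = {
  listUsers,
  showCreateUser,
  postCreateUser,
  changeUserRole,
  resetUserPassword
};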