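import { NextRequest, NextResponse } from 'next/server';
import { db } from '@/lib/db';
import { users } from '@/lib/db/schema';
import { eq } from 'drizzle-orm';
import { getSession } from '@/lib/session';
import bcrypt from 'bcryptjs';

/**
 * Lists all users. Admin only.
 *
 * The projection is an explicit column list, so the stored password hash is
 * never part of the response.
 *
 * @param request - Incoming request (not read by this handler).
 * @returns 200 with `{ users }`, 401 when the caller has no admin session,
 *          500 on unexpected errors.
 */
export async function GET(request: NextRequest) {
  try {
    const session = await getSession();
    // NOTE(review): an authenticated non-admin also receives 401 here; 403 would
    // distinguish "not logged in" from "not allowed". Left unchanged for
    // compatibility with existing clients.
    if (!session || session.role !== 'admin') {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    const allUsers = await db
      .select({
        id: users.id,
        name: users.name,
        surname: users.surname,
        email: users.email,
        role: users.role,
        createdAt: users.createdAt,
      })
      .from(users);

    return NextResponse.json({ users: allUsers });
  } catch (error) {
    console.error('Error fetching users:', error);
    return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
  }
}

/**
 * Creates a user. Admin only.
 *
 * Expects a JSON object with string fields `name`, `surname`, `email`,
 * `password` and an optional string `role` (defaults to `'user'`).
 *
 * @param request - Incoming request carrying the JSON body.
 * @returns 200 with `{ user, message }` on success; 400 for a malformed body,
 *          missing or non-string fields, or an e-mail that is already
 *          registered; 401 when the caller has no admin session; 500 on
 *          unexpected errors.
 */
export async function POST(request: NextRequest) {
  try {
    const session = await getSession();
    if (!session || session.role !== 'admin') {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    // A body that is not valid JSON is a client error, not a server fault:
    // answer 400 instead of letting the parse error fall through to the 500 path.
    const body = await request.json().catch(() => null);
    if (typeof body !== 'object' || body === null || Array.isArray(body)) {
      return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 });
    }

    const { name, surname, email, password, role } = body;

    if (!name || !surname || !email || !password) {
      return NextResponse.json({ error: 'Missing required fields' }, { status: 400 });
    }

    // JSON can carry objects, arrays or numbers in any field. Only strings may
    // reach the query builder and bcrypt; bcrypt.hash rejects non-string input,
    // which previously surfaced as a 500.
    if (
      typeof name !== 'string' ||
      typeof surname !== 'string' ||
      typeof email !== 'string' ||
      typeof password !== 'string' ||
      (role != null && typeof role !== 'string')
    ) {
      return NextResponse.json({ error: 'Invalid field types' }, { status: 400 });
    }

    // Check if user already exists.
    // NOTE(review): check-then-insert is not atomic; confirm users.email carries
    // a unique constraint so two concurrent requests cannot both succeed.
    const existingUser = await db.select().from(users).where(eq(users.email, email)).limit(1);
    if (existingUser.length > 0) {
      return NextResponse.json({ error: 'User with this email already exists' }, { status: 400 });
    }

    // Hash password with cost factor 12. bcrypt only uses the first 72 bytes of
    // its input, so a longer password is effectively truncated.
    const hashedPassword = await bcrypt.hash(password, 12);

    // Create user.
    // NOTE(review): `role` is stored as supplied by the admin caller; validate
    // it against the set of roles the schema actually defines.
    const [newUser] = await db
      .insert(users)
      .values({
        id: crypto.randomUUID(),
        name,
        surname,
        email,
        password: hashedPassword,
        role: role || 'user',
        createdAt: new Date(),
        updatedAt: new Date(),
      })
      // Return an explicit projection so the password hash never leaves the server.
      .returning({
        id: users.id,
        name: users.name,
        surname: users.surname,
        email: users.email,
        role: users.role,
        createdAt: users.createdAt,
      });

    return NextResponse.json({ user: newUser, message: 'User created successfully' });
  } catch (error) {
    console.error('Error creating user:', error);
    return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
  }
}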