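import { NextRequest, NextResponse } from 'next/server';
import { db } from '@/lib/db';
import { users } from '@/lib/db/schema';
import { eq } from 'drizzle-orm';
import { getSession } from '@/lib/session';
import bcrypt from 'bcryptjs';

/** Dynamic-route context shared by the per-user handlers in this file. */
type RouteContext = { params: { id: string } };

/**
 * Roles this route is willing to write. These are the two values the route
 * itself relies on ('admin' for authorization, 'user' as the default); extend
 * the list if the schema defines further roles. Validating against it keeps an
 * arbitrary request-body string out of the role column.
 */
const ALLOWED_ROLES = ['admin', 'user'] as const;
type Role = (typeof ALLOWED_ROLES)[number];

/** bcrypt cost factor applied when a new password is supplied. */
const BCRYPT_ROUNDS = 12;

/** Shape of the columns this route updates; replaces the former `any`. */
interface UserUpdate {
  name: string;
  surname: string;
  email: string;
  role: Role;
  updatedAt: Date;
  password?: string;
}

type Session = NonNullable<Awaited<ReturnType<typeof getSession>>>;

/** Type guard: `value` is one of ALLOWED_ROLES. */
function isRole(value: unknown): value is Role {
  return typeof value === 'string' && (ALLOWED_ROLES as readonly string[]).includes(value);
}

/** Type guard: `value` is a string with at least one character. */
function isNonEmptyString(value: unknown): value is string {
  return typeof value === 'string' && value.length > 0;
}

/**
 * Resolves the current session and requires the 'admin' role.
 *
 * A missing session and a non-admin session are reported identically (401,
 * 'Unauthorized') so the response does not reveal whether a session exists.
 *
 * @returns `{ session }` for an admin caller, otherwise `{ response }` holding
 *          the 401 to return.
 */
async function requireAdmin(): Promise<{ session: Session } | { response: NextResponse }> {
  const session = await getSession();
  if (!session || session.role !== 'admin') {
    return { response: NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) };
  }
  return { session };
}

/**
 * Returns true when a user row with `userId` exists.
 *
 * Only the id column is selected so the password hash is never loaded just to
 * answer an existence question.
 */
async function userExists(userId: string): Promise<boolean> {
  const rows = await db.select({ id: users.id }).from(users).where(eq(users.id, userId)).limit(1);
  return rows.length > 0;
}

/**
 * Reads the request body as a JSON object.
 *
 * Malformed JSON and non-object payloads are client errors, so they are
 * reported as `undefined` for the caller to turn into a 400 instead of
 * propagating to the generic 500 handler.
 */
async function readJsonObject(request: NextRequest): Promise<Record<string, unknown> | undefined> {
  try {
    const body: unknown = await request.json();
    return typeof body === 'object' && body !== null && !Array.isArray(body)
      ? (body as Record<string, unknown>)
      : undefined;
  } catch {
    return undefined;
  }
}

/**
 * PUT /users/[id] — admin-only update of a user's profile, role and,
 * optionally, password.
 *
 * Body: `{ name, surname, email, role?, password? }`. `name`, `surname` and
 * `email` are required non-empty strings. `role` defaults to 'user' when
 * omitted or empty and must otherwise be one of ALLOWED_ROLES. A non-empty
 * `password` is bcrypt-hashed before storage; the response never includes the
 * stored hash.
 *
 * @returns 200 with the updated user; 400 for a malformed body, invalid
 *          fields or an admin trying to drop their own admin role; 401 for
 *          non-admin callers; 404 when the user does not exist; 500 on
 *          unexpected errors.
 */
export async function PUT(request: NextRequest, { params }: RouteContext) {
  try {
    const auth = await requireAdmin();
    if ('response' in auth) return auth.response;

    const body = await readJsonObject(request);
    if (!body) {
      return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 });
    }
    const { name, surname, email, role, password } = body;
    const userId = params.id;

    if (!name || !surname || !email) {
      return NextResponse.json({ error: 'Missing required fields' }, { status: 400 });
    }
    // The body is untrusted input: refuse non-string values rather than
    // letting them reach the database or bcrypt (which would throw → 500).
    if (!isNonEmptyString(name) || !isNonEmptyString(surname) || !isNonEmptyString(email)) {
      return NextResponse.json({ error: 'Invalid field types' }, { status: 400 });
    }
    if (password && typeof password !== 'string') {
      return NextResponse.json({ error: 'Invalid field types' }, { status: 400 });
    }

    // `role || 'user'` preserves the original default: omitted or empty means
    // 'user'. Anything else must be an allow-listed role.
    const newRole = role || 'user';
    if (!isRole(newRole)) {
      return NextResponse.json({ error: 'Invalid role' }, { status: 400 });
    }

    // Mirror the self-delete guard in DELETE: because an omitted `role`
    // defaults to 'user', an admin editing their own record would otherwise
    // silently demote themselves and lose access to this route.
    if (auth.session.userId === userId && newRole !== 'admin') {
      return NextResponse.json({ error: 'Cannot change your own role' }, { status: 400 });
    }

    if (!(await userExists(userId))) {
      return NextResponse.json({ error: 'User not found' }, { status: 404 });
    }

    const updateData: UserUpdate = {
      name,
      surname,
      email,
      role: newRole,
      updatedAt: new Date(),
    };
    // Only hash and update the password when one was provided.
    if (password) {
      updateData.password = await bcrypt.hash(password, BCRYPT_ROUNDS);
    }

    const [updatedUser] = await db
      .update(users)
      .set(updateData)
      .where(eq(users.id, userId))
      .returning({
        id: users.id,
        name: users.name,
        surname: users.surname,
        email: users.email,
        role: users.role,
        createdAt: users.createdAt,
        updatedAt: users.updatedAt,
      });

    // The row may have been removed between the existence check and the
    // update; report that as 404 rather than returning `user: undefined`.
    if (!updatedUser) {
      return NextResponse.json({ error: 'User not found' }, { status: 404 });
    }

    return NextResponse.json({ user: updatedUser, message: 'User updated successfully' });
  } catch (error) {
    console.error('Error updating user:', error);
    return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
  }
}

/**
 * DELETE /users/[id] — admin-only deletion of a user.
 *
 * An admin may not delete their own account, which guarantees the calling
 * admin survives the request.
 *
 * @returns 200 on success; 400 for self-deletion; 401 for non-admin callers;
 *          404 when the user does not exist; 500 on unexpected errors.
 */
export async function DELETE(request: NextRequest, { params }: RouteContext) {
  try {
    const auth = await requireAdmin();
    if ('response' in auth) return auth.response;

    const userId = params.id;

    // Prevent an admin from deleting themselves.
    if (auth.session.userId === userId) {
      return NextResponse.json({ error: 'Cannot delete your own account' }, { status: 400 });
    }

    if (!(await userExists(userId))) {
      return NextResponse.json({ error: 'User not found' }, { status: 404 });
    }

    await db.delete(users).where(eq(users.id, userId));

    return NextResponse.json({ message: 'User deleted successfully' });
  } catch (error) {
    console.error('Error deleting user:', error);
    return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
  }
}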