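const express = require('express');

const router = express.Router();
const userService = require('../services/userService');
const { generateToken, authMiddleware, getActiveUser } = require('../middleware/auth');
const { loginSchema } = require('../validators/login.validator');
const { passwordChangeSchema } = require('../validators/password.validator');

// Single reason string for every failed login, so the response is the same
// whether the username or the password was wrong.
const INVALID_CREDENTIALS = 'Invalid username or password';

/**
 * Wraps an async route handler so that a rejected promise is passed to
 * Express's error handling through next(err).
 *
 * Without this, a rejection from userService or getActiveUser is not
 * forwarded on Express versions that do not await handlers, and the request
 * is left without a response.
 *
 * @param {Function} handler - async (req, res, next) route handler.
 * @returns {Function} Express middleware taking (req, res, next).
 */
const forwardErrors = (handler) => (req, res, next) => {
  Promise.resolve(handler(req, res, next)).catch(next);
};

/**
 * POST /login - validates the body against loginSchema, verifies the
 * credentials and responds with { token }.
 *
 * Responses: 400 { reason } on validation failure, 401 { reason } on bad
 * credentials, 200 { token } on success.
 *
 * NOTE(review): no attempt throttling is visible in this router; confirm that
 * rate limiting or lockout for this route is applied elsewhere.
 */
router.post('/login', forwardErrors(async (req, res) => {
  const { error } = loginSchema.validate(req.body);
  if (error) return res.status(400).json({ reason: error.message });

  const { username, password } = req.body;

  const isValid = await userService.checkPassword(username, password);
  if (!isValid) return res.status(401).json({ reason: INVALID_CREDENTIALS });

  // The account is looked up a second time after the password check. If it is
  // no longer found, answer like any failed login instead of calling
  // generateToken with a missing user.
  const user = await userService.getUserByUsername(username);
  if (!user) return res.status(401).json({ reason: INVALID_CREDENTIALS });

  const token = generateToken(user);
  res.json({ token });
}));

/**
 * POST /register - creates an account and responds with { token }.
 *
 * Responses: 400 { reason } on validation failure, 409 { reason } when the
 * username is taken, 500 { reason } when createUser returns nothing,
 * 200 { token } on success.
 *
 * The 409 response tells any caller whether a username exists.
 *
 * NOTE(review): the body is validated with loginSchema, not a
 * registration-specific schema; confirm it enforces the password policy
 * intended for new accounts.
 */
router.post('/register', forwardErrors(async (req, res) => {
  const { error } = loginSchema.validate(req.body);
  if (error) return res.status(400).json({ reason: error.message });

  const { username, password } = req.body;

  // The availability check and the insert are two separate calls, so two
  // concurrent requests can both pass this check.
  // NOTE(review): presumably uniqueness is also enforced by the storage
  // layer; verify.
  if (await userService.usernameTaken(username)) {
    return res.status(409).json({ reason: 'This user already exists.' });
  }

  const user = await userService.createUser(username, password);
  if (!user) return res.status(500).json({ reason: 'Failed to register user' });

  const token = generateToken(user);
  res.json({ token });
}));

/**
 * GET /check - responds 200 when getActiveUser resolves a user for the
 * request and 403 otherwise. Runs behind authMiddleware.
 */
router.get('/check', authMiddleware, forwardErrors(async (req, res) => {
  const user = await getActiveUser(req);
  return res.sendStatus(user ? 200 : 403);
}));

/**
 * POST /change_password - replaces the active user's password after checking
 * the current one. Runs behind authMiddleware.
 *
 * Responses: 400 { reason } on validation failure, 401 when no active user is
 * resolved, 409 when oldPassword does not match, 200 on success.
 *
 * NOTE(review): nothing here revokes tokens issued before the change; confirm
 * whether earlier tokens are meant to stay valid.
 */
router.post('/change_password', authMiddleware, forwardErrors(async (req, res) => {
  const { error } = passwordChangeSchema.validate(req.body);
  if (error) return res.status(400).json({ reason: error.message });

  const user = await getActiveUser(req);
  if (!user) return res.sendStatus(401);

  const { oldPassword, newPassword } = req.body;

  // The current password is re-checked even though the request is already
  // authenticated, so a valid token alone is not enough to change it.
  const validOld = await userService.checkPassword(user.username, oldPassword);
  // 409 is kept as the wrong-old-password status because clients may depend on it.
  if (!validOld) return res.sendStatus(409);

  await userService.updatePassword(user._id, newPassword);
  res.sendStatus(200);
}));

/**
 * GET /info - responds with the active user's username; avatar is always
 * null here. Responds 401 when no active user is resolved. Runs behind
 * authMiddleware.
 */
router.get('/info', authMiddleware, forwardErrors(async (req, res) => {
  const user = await getActiveUser(req);
  if (!user) return res.sendStatus(401);

  // Only the listed fields are returned; the user record itself is never serialized.
  res.json({ username: user.username, avatar: null });
}));

module.exports = router;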