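const express = require('express');
const AuthManager = require('../utils/auth');
const { requireAuth } = require('../middleware/auth');

const router = express.Router();
const authManager = new AuthManager();

// Initialize auth manager. Failures are only logged; the routes below do not
// wait on this promise, so a request arriving before initialization completes
// behaves however AuthManager handles its uninitialized state — confirm that
// is acceptable for this deployment.
authManager.initialize().catch(console.error);

// All routes require authentication. Every handler below relies on requireAuth
// having populated req.session.user.
// NOTE(review): no CSRF token check is visible in this file for the
// state-changing POST routes; confirm one is applied by middleware upstream.
router.use(requireAuth);

/**
 * True when the client asked for JSON via the Accept header.
 * Used to pick between a JSON body and an HTML redirect on the delete route.
 * @param {import('express').Request} req
 * @returns {boolean}
 */
function wantsJson(req) {
  return Boolean(req.headers.accept?.includes('application/json'));
}

/**
 * Re-render the "create user" form with an error message, preserving the
 * submitted username so the user does not have to retype it.
 * @param {import('express').Response} res
 * @param {string} error - message shown to the user
 * @param {string|undefined} username - previously submitted username
 */
function renderNewUserForm(res, error, username) {
  return res.render('users/new', {
    title: 'Create New User',
    error,
    currentPage: 'users',
    formData: { username },
  });
}

// User management page
router.get('/', async (req, res) => {
  try {
    const users = await authManager.getAllUsers();
    res.render('users/index', {
      title: 'User Management',
      users,
      currentPage: 'users',
    });
  } catch (error) {
    console.error('Error getting users:', error);
    // error.message is rendered into the error page here; confirm the error
    // view does not expose it to non-admin users.
    res.status(500).render('error', {
      error: 'Failed to load users',
      message: error.message,
    });
  }
});

// Create new user page
router.get('/new', (req, res) => {
  res.render('users/new', {
    title: 'Create New User',
    currentPage: 'users',
  });
});

// Process user creation
router.post('/create', async (req, res) => {
  try {
    const { username, password, confirmPassword } = req.body;
    const createdByUserId = req.session.user.id;

    // Validate inputs. Password strength rules are not enforced here; whether
    // AuthManager.createUser applies a policy is not visible in this file.
    if (!username || !password || !confirmPassword) {
      return renderNewUserForm(res, 'All fields are required', username);
    }
    if (password !== confirmPassword) {
      return renderNewUserForm(res, 'Passwords do not match', username);
    }

    await authManager.createUser(username, password, createdByUserId);
    res.redirect('/users?created=' + encodeURIComponent(username));
  } catch (error) {
    console.error('User creation error:', error);
    // error.message is shown to the user (e.g. a duplicate-username message);
    // confirm createUser only throws user-safe messages so internal details
    // are not disclosed.
    renderNewUserForm(res, error.message, req.body.username);
  }
});

// Delete user
router.post('/delete/:userId', async (req, res) => {
  const { userId } = req.params;

  // Route params are untrusted strings: accept only a plain decimal id so the
  // comparison against the session user id below is unambiguous.
  if (!/^\d+$/.test(userId)) {
    return res.status(400).json({ error: 'Invalid user id' });
  }

  try {
    const currentUserId = req.session.user.id;

    // Prevent self-deletion. Assumes session user ids are numbers — confirm
    // against AuthManager; a string id would never satisfy this strict compare.
    if (Number.parseInt(userId, 10) === currentUserId) {
      return res.status(400).json({ error: 'Cannot delete your own account' });
    }

    // The original string id is passed through unchanged so AuthManager's
    // expected argument type is preserved.
    const deleted = await authManager.deleteUser(userId);
    if (!deleted) {
      return res.status(404).json({ error: 'User not found' });
    }

    if (wantsJson(req)) {
      res.json({ message: 'User deleted successfully' });
    } else {
      res.redirect('/users?deleted=true');
    }
  } catch (error) {
    console.error('Error deleting user:', error);
    // Both response shapes use the same generic message: the raw error text is
    // logged above and is not reflected back to the client.
    if (wantsJson(req)) {
      res.status(500).json({ error: 'Failed to delete user' });
    } else {
      res.redirect('/users?error=' + encodeURIComponent('Failed to delete user'));
    }
  }
});

module.exports = router;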