import { NextResponse } from 'next/server'
import { prisma } from '@/lib/prisma'
import { safeHandler, requireAuth, AuthError } from '@/lib/auth'
import bcrypt from 'bcryptjs'

/**
 * GET handler: returns a single user record looked up by the `id` route param.
 *
 * `requireAuth()` is called without a role list, so any authenticated caller
 * reaches the lookup. The response is limited to the columns named in `select`;
 * the stored password hash is not among them.
 *
 * NOTE(review): there is no check that the caller is the requested user or an
 * admin, so every signed-in account can read the email, phone and role of any
 * other account by id. Confirm this is intended; if not, compare the `userId`
 * returned by `requireAuth` with `id`, or require a role here as well.
 *
 * @throws AuthError with status 404 when no user has the given id.
 */
export const GET = safeHandler(async (_req: Request, ctx: { params: Promise<{ id: string }> }) => {
  await requireAuth()
  const targetId = (await ctx.params).id

  const record = await prisma.user.findUnique({
    where: { id: targetId },
    // Explicit allow-list of columns that may leave the server.
    select: {
      id: true,
      name: true,
      email: true,
      role: true,
      phone: true,
      isActive: true,
      lastLoginAt: true,
      createdAt: true,
      updatedAt: true,
    },
  })

  if (record) {
    return NextResponse.json(record)
  }
  throw new AuthError('User not found', 404)
})

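/**
 * PUT handler: admin-only update of one user, identified by the `id` route param.
 *
 * Only an explicit allow-list of body fields (`name`, `email`, `role`, `phone`,
 * `isActive`, and optionally `password`) is copied into the update, so extra
 * keys in the request body are ignored. The response contains the selected
 * columns only; the password hash is never returned.
 *
 * NOTE(review): DELETE in this file refuses to act on the caller's own account,
 * but this handler lets an admin change their own `role` or `isActive`. Confirm
 * whether self-demotion / self-deactivation should be blocked here too.
 *
 * NOTE(review): no password length or strength rule is applied in this handler;
 * presumably that is enforced elsewhere. Verify, and keep in mind that bcrypt
 * only considers the first 72 bytes of its input.
 *
 * @throws AuthError with status 400 when the body is not a JSON object or
 *   `password` is present but not a string.
 */
export const PUT = safeHandler(async (req: Request, { params }: { params: Promise<{ id: string }> }) => {
  await requireAuth(['ADMIN'])
  const { id } = await params

  // The body is untrusted input: reject malformed JSON and non-object payloads
  // up front instead of failing later on a property access.
  let body: unknown
  try {
    body = await req.json()
  } catch {
    throw new AuthError('Invalid JSON body', 400)
  }
  if (typeof body !== 'object' || body === null || Array.isArray(body)) {
    throw new AuthError('Request body must be a JSON object', 400)
  }
  const data = body as Record<string, unknown>

  // Left loosely typed because the Prisma input type is not imported in this
  // file; the field values themselves are not type-checked here.
  const updateData: any = {
    name: data.name,
    email: data.email,
    role: data.role,
    phone: data.phone || null,
    isActive: data.isActive,
  }

  // A missing or empty password means "leave the current one unchanged".
  // A truthy non-string value used to fail inside `.trim()`; report it as a
  // client error instead.
  const { password } = data
  if (password) {
    if (typeof password !== 'string') {
      throw new AuthError('Password must be a string', 400)
    }
    if (password.trim() !== '') {
      // The untrimmed value is hashed, as before; 10 is the bcrypt cost factor.
      updateData.passwordHash = await bcrypt.hash(password, 10)
    }
  }

  const user = await prisma.user.update({
    where: { id },
    // Explicit allow-list of columns that may leave the server.
    select: {
      id: true,
      name: true,
      email: true,
      role: true,
      phone: true,
      isActive: true,
      lastLoginAt: true,
      createdAt: true,
      updatedAt: true,
    },
    data: updateData,
  })

  return NextResponse.json(user)
})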

/**
 * DELETE handler: admin-only removal of the user identified by the `id` route param.
 *
 * The caller's own id (as returned by `requireAuth`) is compared with the target
 * id first, so an admin cannot remove the account they are signed in with.
 *
 * NOTE(review): `prisma.user.delete` is called without a prior existence check;
 * how a missing id is reported depends on what `safeHandler` does with the
 * resulting error. Confirm it does not surface as a generic 500.
 *
 * @throws AuthError with status 400 when the caller targets their own account.
 */
export const DELETE = safeHandler(async (_req: Request, ctx: { params: Promise<{ id: string }> }) => {
  const session = await requireAuth(['ADMIN'])
  const targetId = (await ctx.params).id

  // Guard against an admin locking themselves out by deleting their own account.
  const isSelf = session.userId === targetId
  if (isSelf) {
    throw new AuthError('You cannot delete your own account', 400)
  }

  await prisma.user.delete({ where: { id: targetId } })
  return NextResponse.json({ message: 'Deleted' })
})
