const express = require('express');
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');

const router = express.Router();
const authMiddleware = require('../middleware/authMiddleware');
const User = require('../models/User');

// res.badRequest / res.sendSuccess / res.serverError / res.unauthorized are not
// Express built-ins; they are assumed to be attached by middleware elsewhere in the app.

// Register
router.post('/register', async (req, res) => {
  const { username, password } = req.body;
  try {
    const existing = await User.findOne({ username });
    if (existing) {
      return res.badRequest('用户已存在');
    }
    // Store only the bcrypt hash (cost factor 10), never the plaintext password
    const hashedPassword = await bcrypt.hash(password, 10);
    const user = new User({ username, password: hashedPassword });
    await user.save();
    res.sendSuccess('注册成功');
  } catch (err) {
    res.serverError();
  }
});

// Login
router.post('/login', async (req, res) => {
  const { username, password } = req.body;
  try {
    const user = await User.findOne({ username });
    if (!user) {
      return res.badRequest('用户不存在');
    }
    const isMatch = await bcrypt.compare(password, user.password);
    if (!isMatch) {
      return res.badRequest('密码错误');
    }
    // Issue the Access Token and the Refresh Token.
    // Both are signed with the same secret and carry the same claims, so they
    // differ only in lifetime and each verifies wherever the other is accepted.
    const accessToken = jwt.sign({ userId: user._id }, process.env.JWT_SECRET, { expiresIn: '1h' });
    const refreshToken = jwt.sign({ userId: user._id }, process.env.JWT_SECRET, { expiresIn: '7d' });
    res.json({ access_token: accessToken, refresh_token: refreshToken });
  } catch (err) {
    res.serverError();
  }
});

// Refresh Token
// Expects the token in the request body as `refreshToken`
// (the login response returns it under the key `refresh_token`).
router.post('/refresh_token', async (req, res) => {
  const { refreshToken } = req.body;
  if (!refreshToken) {
    return res.unauthorized('无效的 "refresh token"');
  }
  try {
    // Verify the Refresh Token (signature and expiry)
    const decoded = jwt.verify(refreshToken, process.env.JWT_SECRET);
    const user = await User.findById(decoded.userId);
    if (!user) {
      return res.unauthorized('用户不存在');
    }
    // Issue a new Access Token
    const newAccessToken = jwt.sign({ userId: user._id }, process.env.JWT_SECRET, { expiresIn: '1h' });
    res.json({ access_token: newAccessToken });
  } catch (err) {
    res.unauthorized('无效或已过期的 "refresh token"');
  }
});

// Protected endpoint
// router.get('/profile', authMiddleware, async (req, res) => {
//   const user = await User.findById(req.userId).select('-password');
//   res.json(user);
// });

module.exports = router;