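import { getAllUsers, createUser } from "@/lib/userManagement.js";
import { NextResponse } from "next/server";
import { withAdminAuth } from "@/lib/middleware/auth";

/** Roles a newly created account may be assigned; anything else is rejected with 400. */
const VALID_ROLES = Object.freeze(["read_only", "user", "project_manager", "admin"]);

/** Role applied when the request omits `role` (or sends an empty/falsy one). */
const DEFAULT_ROLE = "user";

/** Minimum accepted password length, in UTF-16 code units (what `String.length` counts). */
const MIN_PASSWORD_LENGTH = 6;

/**
 * Copy a user record without its `password_hash` so the hash never reaches an
 * API response body.
 * @param {object} user - user record as returned by the user store
 * @returns {object} the same fields minus `password_hash`
 */
function withoutPasswordHash(user) {
  const { password_hash, ...safeUser } = user;
  return safeUser;
}

/**
 * Build a JSON error response.
 * @param {string} message - client-facing error text
 * @param {number} status - HTTP status code
 * @returns {NextResponse}
 */
function errorResponse(message, status) {
  return NextResponse.json({ error: message }, { status });
}

/**
 * Validate and normalise the body of a create-user request.
 *
 * Field presence is checked by type, not truthiness: the previous check let a
 * numeric or object `password` through, and `.length` on a non-string is not a
 * length, so the minimum-length rule could be bypassed.
 *
 * @param {unknown} data - parsed JSON body
 * @returns {{ error: string } | { user: object }} either a client-facing error
 *   message (400) or the normalised attributes to pass to `createUser`
 */
function validateCreateUserBody(data) {
  // null, arrays and primitives carry no fields to read.
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    return { error: "Name, username, and password are required" };
  }
  const { name, username, password, role, is_active } = data;

  const isNonEmptyString = (v) => typeof v === "string" && v.trim() !== "";
  if (!isNonEmptyString(name) || !isNonEmptyString(username) || typeof password !== "string" || password === "") {
    return { error: "Name, username, and password are required" };
  }
  if (password.length < MIN_PASSWORD_LENGTH) {
    return { error: `Password must be at least ${MIN_PASSWORD_LENGTH} characters long` };
  }

  // A falsy role (absent, null, "") means "use the default"; anything else must be
  // on the allow-list. Keeping `||` here deliberately so "" does not reach the store.
  const resolvedRole = role || DEFAULT_ROLE;
  if (!VALID_ROLES.includes(resolvedRole)) {
    return { error: "Invalid role specified" };
  }

  // Only an explicit boolean may toggle activation; default is active.
  if (is_active !== undefined && typeof is_active !== "boolean") {
    return { error: "is_active must be a boolean" };
  }

  return {
    user: {
      name,
      username,
      password,
      role: resolvedRole,
      is_active: is_active === undefined ? true : is_active,
    },
  };
}

/**
 * GET: list all users. Admin-only; the check is applied by `withAdminAuth`
 * at the export below, not here.
 * @param {Request} req - incoming request (not read)
 * @returns {Promise<NextResponse>} 200 with the user list (password hashes
 *   stripped), or 500 if the store call throws
 */
async function getUsersHandler(req) {
  try {
    const users = getAllUsers();
    return NextResponse.json(users.map(withoutPasswordHash));
  } catch (error) {
    // Log the cause server-side only; the client gets a generic message.
    console.error("Error fetching users:", error);
    return errorResponse("Failed to fetch users", 500);
  }
}

/**
 * POST: create a user. Admin-only; the check is applied by `withAdminAuth`
 * at the export below, not here.
 *
 * Responses: 201 with the created record (hash stripped); 400 for a
 * malformed body or failed validation; 409 when the store reports the
 * username already exists; 500 otherwise.
 * @param {Request} req - request whose body is a JSON object
 * @returns {Promise<NextResponse>}
 */
async function createUserHandler(req) {
  // A malformed body is a client error; previously it fell into the generic
  // catch below and was reported as a 500.
  let data;
  try {
    data = await req.json();
  } catch {
    return errorResponse("Request body must be valid JSON", 400);
  }

  const validated = validateCreateUserBody(data);
  if (validated.error !== undefined) {
    return errorResponse(validated.error, 400);
  }

  try {
    const newUser = await createUser(validated.user);
    return NextResponse.json(withoutPasswordHash(newUser), { status: 201 });
  } catch (error) {
    console.error("Error creating user:", error);
    // Guarded: a thrown non-Error (or an Error without a message) must not
    // throw again inside the catch and turn into an unhandled rejection.
    const message = typeof error?.message === "string" ? error.message : "";
    if (message.includes("already exists")) {
      return errorResponse("A user with this username already exists", 409);
    }
    return errorResponse("Failed to create user", 500);
  }
}

// Protected routes - require admin authentication
export const GET = withAdminAuth(getUsersHandler);
export const POST = withAdminAuth(createUserHandler);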