const express = require('express');
const router = express.Router();
const db = require('../utils/db');
const auth = require('../middleware/auth');
const checkPermission = require('../middleware/checkPermission');
const bcrypt = require('bcryptjs');

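/**
 * GET /users — list every admin together with its permission names.
 *
 * Requires `auth` and the `user:manage` permission. Responds with an array of
 * admin rows (password hash removed) where `permissions` is a string[].
 * On failure responds 500 with a generic message; the underlying error is
 * logged server-side rather than echoed to the client.
 */
router.get('/users', auth, checkPermission('user:manage'), async (req, res) => {
  try {
    // NOTE(review): GROUP_CONCAT is capped by group_concat_max_len; confirm it is
    // large enough for the largest permission set an admin can hold.
    const [rows] = await db.query(`
      SELECT a.*,
             GROUP_CONCAT(ap.permission) AS permissions
      FROM admins a
      LEFT JOIN admin_permissions ap ON a.id = ap.admin_id
      GROUP BY a.id
    `);

    // Strip the password hash before the row leaves the server. `a.*` is kept
    // because the full admins column list is not visible here — TODO: select
    // the needed columns explicitly so the hash is never read at all.
    const users = rows.map(({ password: _omitted, ...user }) => ({
      ...user,
      // GROUP_CONCAT yields NULL for admins without permission rows.
      permissions: user.permissions ? user.permissions.split(',') : [],
    }));

    res.json(users);
  } catch (error) {
    // Do not leak DB error text (table names, constraint names) to the client.
    console.error('GET /users failed:', error);
    res.status(500).json({ message: '服务器内部错误' });
  }
});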

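/**
 * POST /users — create an admin account and its permission rows in one transaction.
 *
 * Body: { username, email, password } required; { role, status, permissions } optional.
 * Responses: 201 on success, 400 on missing fields / bad `permissions` / duplicate
 * username, 403 when a non-superadmin tries to create a superadmin, 500 otherwise.
 *
 * Validation runs before a connection is taken so a rejected request never leaves
 * an open transaction on a pooled connection (the old code returned early from
 * inside the transaction without rolling back).
 */
router.post('/users', auth, checkPermission('user:manage'), async (req, res) => {
  const { username, email, password, role, status, permissions } = req.body;

  if (!username || !email || !password) {
    return res.status(400).json({ message: '用户名、邮箱和密码为必填项' });
  }

  // A truthy non-array (e.g. a string) passes the `.length > 0` check below
  // and then throws in `.map`; reject it up front instead of returning 500.
  if (permissions && !Array.isArray(permissions)) {
    return res.status(400).json({ message: 'permissions 必须是数组' });
  }

  // Only a superadmin may create another superadmin — mirrors the guard that
  // PUT /users/:id applies to existing superadmin accounts.
  if (role === 'superadmin' && req.admin.role !== 'superadmin') {
    return res.status(403).json({ message: '无权创建超级管理员' });
  }

  const connection = await db.getConnection();

  try {
    // Inside try so a failed beginTransaction still releases the connection.
    await connection.beginTransaction();

    const [existingUsers] = await connection.query(
      'SELECT id FROM admins WHERE username = ?',
      [username]
    );

    if (existingUsers.length > 0) {
      await connection.rollback();
      return res.status(400).json({ message: '用户名已存在' });
    }

    const hashedPassword = await bcrypt.hash(password, 10);

    // NOTE(review): `role` and `status` are stored as given; if the columns are
    // ENUMs an unknown value fails at the DB and surfaces as 500 — consider
    // validating against the allowed set here.
    const [result] = await connection.query(
      'INSERT INTO admins (username, email, password, role, status) VALUES (?, ?, ?, ?, ?)',
      [username, email, hashedPassword, role || 'editor', status || 'active']
    );

    if (permissions && permissions.length > 0) {
      // Bulk insert: mysql2 expands a nested array for `VALUES ?`.
      const permissionValues = permissions.map((permission) => [result.insertId, permission]);
      await connection.query(
        'INSERT INTO admin_permissions (admin_id, permission) VALUES ?',
        [permissionValues]
      );
    }

    await connection.commit();
    res.status(201).json({ message: '用户创建成功' });
  } catch (error) {
    await connection.rollback();
    // Log the real error; do not leak DB details to the client.
    console.error('POST /users failed:', error);
    res.status(500).json({ message: '服务器内部错误' });
  } finally {
    connection.release();
  }
});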

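/**
 * PUT /users/:id — update an admin's fields and, optionally, replace its permissions.
 *
 * Body: any of { username, email, password, role, status, permissions }. Only fields
 * that are present are written, so a partial update no longer nulls out username/email.
 * When `permissions` is an array the existing rows are replaced wholesale.
 * Responses: 200 on success, 400 for a bad `permissions` value, 403 when a
 * non-superadmin touches a superadmin account or tries to grant the superadmin
 * role, 404 when the id is unknown, 500 otherwise.
 */
router.put('/users/:id', auth, checkPermission('user:manage'), async (req, res) => {
  const { username, email, password, role, status, permissions } = req.body;
  const userId = req.params.id;

  // Reject truthy non-arrays before touching the DB (a string would reach `.map`).
  if (permissions && !Array.isArray(permissions)) {
    return res.status(400).json({ message: 'permissions 必须是数组' });
  }

  // Protecting existing superadmins is not enough: a non-superadmin must also be
  // unable to promote any account (including their own) to superadmin.
  if (role === 'superadmin' && req.admin.role !== 'superadmin') {
    return res.status(403).json({ message: '无权授予超级管理员角色' });
  }

  const connection = await db.getConnection();

  try {
    await connection.beginTransaction();

    const [existingUser] = await connection.query(
      'SELECT role FROM admins WHERE id = ?',
      [userId]
    );

    if (!existingUser.length) {
      await connection.rollback();
      return res.status(404).json({ message: '用户不存在' });
    }

    if (existingUser[0].role === 'superadmin' && req.admin.role !== 'superadmin') {
      await connection.rollback();
      return res.status(403).json({ message: '无权修改超级管理员' });
    }

    // Assemble the SET list from fixed clause fragments only; every value is bound
    // as a `?` parameter, so the string join never touches user input.
    const setClauses = [];
    const updateParams = [];

    if (username !== undefined) {
      setClauses.push('username = ?');
      updateParams.push(username);
    }
    if (email !== undefined) {
      setClauses.push('email = ?');
      updateParams.push(email);
    }
    if (password) {
      setClauses.push('password = ?');
      updateParams.push(await bcrypt.hash(password, 10));
    }
    if (role) {
      setClauses.push('role = ?');
      updateParams.push(role);
    }
    if (status) {
      setClauses.push('status = ?');
      updateParams.push(status);
    }

    if (setClauses.length > 0) {
      updateParams.push(userId);
      await connection.query(
        `UPDATE admins SET ${setClauses.join(', ')} WHERE id = ?`,
        updateParams
      );
    }

    if (permissions) {
      await connection.query('DELETE FROM admin_permissions WHERE admin_id = ?', [userId]);

      if (permissions.length > 0) {
        const permissionValues = permissions.map((permission) => [userId, permission]);
        await connection.query(
          'INSERT INTO admin_permissions (admin_id, permission) VALUES ?',
          [permissionValues]
        );
      }
    }

    await connection.commit();
    res.json({ message: '用户更新成功' });
  } catch (error) {
    await connection.rollback();
    // Log the real error; do not leak DB details to the client.
    console.error('PUT /users/:id failed:', error);
    res.status(500).json({ message: '服务器内部错误' });
  } finally {
    connection.release();
  }
});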

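/**
 * DELETE /users/:id — remove an admin account and its permission rows.
 *
 * Guards, in order: the target must exist (404), must not be a superadmin (403),
 * and must not be the caller's own account (400). Both deletes run in one
 * transaction so a failure leaves no half-removed account.
 */
router.delete('/users/:id', auth, checkPermission('user:manage'), async (req, res) => {
  const userId = req.params.id;
  const connection = await db.getConnection();

  try {
    await connection.beginTransaction();

    const [existingUser] = await connection.query(
      'SELECT role FROM admins WHERE id = ?',
      [userId]
    );

    if (!existingUser.length) {
      await connection.rollback();
      return res.status(404).json({ message: '用户不存在' });
    }

    if (existingUser[0].role === 'superadmin') {
      await connection.rollback();
      return res.status(403).json({ message: '不能删除超级管理员' });
    }

    // req.params.id is always a string; req.admin.id is set by the auth middleware
    // and is presumably numeric (TODO confirm). A strict === between the two could
    // never match, so the self-delete guard was silently bypassed — normalise first.
    if (String(userId) === String(req.admin.id)) {
      await connection.rollback();
      return res.status(400).json({ message: '不能删除自己的账号' });
    }

    // Remove permission rows first so the delete succeeds even without
    // ON DELETE CASCADE; if the schema does cascade this is redundant but harmless.
    await connection.query('DELETE FROM admin_permissions WHERE admin_id = ?', [userId]);
    await connection.query('DELETE FROM admins WHERE id = ?', [userId]);

    await connection.commit();
    res.json({ message: '用户删除成功' });
  } catch (error) {
    await connection.rollback();
    // Log the real error; do not leak DB details to the client.
    console.error('DELETE /users/:id failed:', error);
    res.status(500).json({ message: '服务器内部错误' });
  } finally {
    connection.release();
  }
});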

// Every route on this router is behind `auth` plus the `user:manage` permission check.
module.exports = router;