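const express = require('express');
const router = express.Router();
const db = require('../utils/db');
const auth = require('../middleware/auth');
const checkPermission = require('../middleware/checkPermission');
const { broadcastNewMessage } = require('../websocket');

/**
 * Returns true when a request-body field is absent or a plain string.
 *
 * A JSON body can carry objects and arrays in place of strings. Bound to a
 * `?` placeholder, such values may be expanded by the driver's client-side
 * formatting instead of being treated as one scalar (presumably `db` wraps
 * mysql2; confirm against ../utils/db), so they are rejected up front.
 *
 * @param {*} value - Raw field taken from req.body.
 * @returns {boolean} Whether the value is safe to bind as a single parameter.
 */
function isOptionalString(value) {
  return value == null || typeof value === 'string';
}

/**
 * Logs the failure on the server and answers with a generic 500 body.
 *
 * Driver error text can expose table names, column names and SQL fragments,
 * so it is kept out of the HTTP response; this matters most on the
 * unauthenticated POST route.
 *
 * @param {object} res - Express response.
 * @param {Error} error - The caught error.
 */
function sendServerError(res, error) {
  console.error(error);
  res.status(500).json({ message: '服务器内部错误' });
}

// Submit a message. This route has no auth middleware, so every field is
// untrusted input from an anonymous client.
// NOTE(review): no length limits or rate limiting are applied here; add limits
// that match the messages table columns and throttle this endpoint upstream.
router.post('/', async (req, res) => {
  try {
    const { name, email, message } = req.body;

    if (![name, email, message].every(isOptionalString)) {
      return res.status(400).json({ message: '参数无效' });
    }

    const [result] = await db.query(
      'INSERT INTO messages (name, email, content) VALUES (?, ?, ?)',
      [name, email, message]
    );

    // Re-read the inserted row so the notification carries the stored values.
    const [newMessage] = await db.query(
      'SELECT * FROM messages WHERE id = ?',
      [result.insertId]
    );

    // Broadcast the new-message notification. The row holds attacker-supplied
    // name/email/content: receivers must render it as text, not HTML.
    // NOTE(review): confirm broadcastNewMessage only reaches authenticated
    // admin sockets, since the payload includes the sender's e-mail address.
    broadcastNewMessage(newMessage[0]);

    res.status(201).json({ message: '留言提交成功' });
  } catch (error) {
    sendServerError(res, error);
  }
});

// List messages (requires the 'message:manage' permission).
router.get('/', auth, checkPermission('message:manage'), async (req, res) => {
  try {
    const [messages] = await db.query(`
      SELECT m.*, a.username as reader_name
      FROM messages m
      LEFT JOIN admins a ON m.read_by = a.id
      ORDER BY m.created_at DESC
    `);
    res.json(messages);
  } catch (error) {
    sendServerError(res, error);
  }
});

// Mark a message as read (requires the 'message:manage' permission).
// req.admin is presumably populated by the auth middleware; verify there.
router.put('/:id/read', auth, checkPermission('message:manage'), async (req, res) => {
  try {
    const { id } = req.params;

    // Accept decimal ids only: the database would otherwise coerce a value
    // such as "1abc" to 1 and update a row the caller did not name.
    if (!/^\d+$/.test(id)) {
      return res.status(400).json({ message: '参数无效' });
    }

    const [result] = await db.query(
      `UPDATE messages
       SET status = 'read', read_by = ?, read_at = CURRENT_TIMESTAMP
       WHERE id = ?`,
      [req.admin.id, id]
    );

    // Report a missing message instead of claiming success for a no-op update.
    if (result && result.affectedRows === 0) {
      return res.status(404).json({ message: '留言不存在' });
    }

    res.json({ message: '标记成功' });
  } catch (error) {
    sendServerError(res, error);
  }
});

module.exports = router;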