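const express = require("express");
const router = express.Router();
const crypto = require("crypto");
const { executeQuery } = require("../config/database");

/**
 * POST /login — check a name/password pair against user_info and return the
 * user's API token, creating one on first login.
 *
 * Request body: { name: string, password: string }
 * Responses:
 *   200 { success: true, message, data: { id, name, is_admin, status, token } }
 *   400 when name or password is missing, empty, or not a string
 *   401 when no row matches the name/password pair
 *   500 on any unexpected error (details are logged, not returned)
 *
 * NOTE(review): the query compares the submitted password directly with the
 * stored column, so the column holds whatever the client sends. If that is the
 * plaintext password, store a salted password hash instead and verify it in
 * application code — needs a schema migration, so it is not changed here.
 */
router.post("/login", async (req, res) => {
  try {
    // req.body is undefined when no body parser ran; treat that as a bad
    // request rather than letting the destructuring throw into the 500 path.
    const { name, password } = req.body || {};

    // Body parsers can deliver objects or arrays for these fields. Depending on
    // the driver behind executeQuery, a non-string value bound to `?` may be
    // expanded into SQL fragments and change the meaning of the WHERE clause,
    // so only non-empty strings are accepted.
    if (
      typeof name !== "string" ||
      typeof password !== "string" ||
      !name ||
      !password
    ) {
      return res
        .status(400)
        .json({ success: false, error: "Missing name or password" });
    }

    // password and create_time are selected but not read below.
    const sql = `
      SELECT id, status, name, is_admin, password, token, create_time
      FROM user_info
      WHERE name = ? AND password = ?
      LIMIT 1
    `;
    const rows = await executeQuery(sql, [name, password]);

    // The same response covers an unknown name and a wrong password, so the
    // reply does not reveal which of the two failed.
    if (!rows || rows.length === 0) {
      return res.status(401).json({ success: false, error: "账号不存在" });
    }

    const user = rows[0];

    // Reuse the stored token when there is one; otherwise generate a random
    // 32-byte token and persist it.
    // NOTE(review): an existing token is never rotated or expired here, so a
    // leaked token stays valid until something else changes it.
    let token = user.token;
    if (!token) {
      token = crypto.randomBytes(32).toString("hex");
      // NOTE(review): this also sets status = 'enable' and user.status is not
      // checked before login succeeds. If status is how accounts get disabled,
      // confirm a disabled account cannot be re-enabled through this path.
      const updateSql = `
        UPDATE user_info
        SET token = ?, status = 'enable'
        WHERE id = ?
      `;
      await executeQuery(updateSql, [token, user.id]);
    }

    // status in the response is the value read before the UPDATE above.
    return res.json({
      success: true,
      message: "登录成功",
      data: {
        id: user.id,
        name: user.name,
        is_admin: user.is_admin || 0,
        status: user.status || null,
        token,
      },
    });
  } catch (error) {
    console.error("Login error:", error);
    return res
      .status(500)
      .json({ success: false, error: "Internal server error" });
  }
});

module.exports = router;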