tools_auto_web/server/routes/userToolsSet.js

const express = require("express");
const router = express.Router();
const { executeQuery } = require("../config/database");
const crypto = require("crypto");

// 获取用户列表（user_info：name, create_time）
router.get("/users", async (req, res) => {
  try {
    const auth = req.headers["authorization"] || "";
    const token = auth.startsWith("Bearer ") ? auth.slice(7) : null;
    if (!token) {
      return res.status(401).json({ error: "未登录或缺少token" });
    }

    const meRows = await executeQuery(`SELECT name, is_admin FROM user_info WHERE token = ? LIMIT 1`, [token]);
    if (!meRows || meRows.length === 0) {
      return res.status(401).json({ error: "无效的用户token" });
    }
    const me = meRows[0];

    let sql = "";
    let params = [];
    if (Number(me.is_admin) === 1) {
      sql = `SELECT name, create_time FROM user_info ORDER BY create_time DESC`;
      params = [];
    } else {
      sql = `SELECT name, create_time FROM user_info WHERE name = ? ORDER BY create_time DESC`;
      params = [me.name];
    }

    const rows = await executeQuery(sql, params);
    res.json({ users: rows, me });
  } catch (error) {
    console.error("Error fetching users:", error);
    res.status(500).json({ error: "Internal server error" });
  }
});

// 新增：获取用户 tokens 列表（tools_token：user, token）
router.get("/tokens", async (req, res) => {
  try {
    const auth = req.headers["authorization"] || "";
    const token = auth.startsWith("Bearer ") ? auth.slice(7) : null;
    if (!token) {
      return res.status(401).json({ error: "未登录或缺少token" });
    }

    const meRows = await executeQuery(`SELECT name, is_admin FROM user_info WHERE token = ? LIMIT 1`, [token]);
    if (!meRows || meRows.length === 0) {
      return res.status(401).json({ error: "无效的用户token" });
    }
    const me = meRows[0];

    let sql = "";
    let params = [];
    if (Number(me.is_admin) === 1) {
      sql = `SELECT user, token FROM tools_token ORDER BY id DESC`;
      params = [];
    } else {
      sql = `SELECT user, token FROM tools_token WHERE user = ? ORDER BY id DESC`;
      params = [me.name];
    }

    const rows = await executeQuery(sql, params);
    res.json({ tokens: rows, me });
  } catch (error) {
    console.error("Error fetching tokens:", error);
    res.status(500).json({ error: "Internal server error" });
  }
});

// 获取工具列表（tools_library：tools_id, tools_name, tools_function_name, status）
router.get("/tools", async (req, res) => {
  try {
    const sql = `
      SELECT tools_id, tools_name, tools_function_name,tools_full_name, mcp_tools_name, status
      FROM tools_library
      ORDER BY create_time DESC
    `;
    const rows = await executeQuery(sql, []);
    res.json({ tools: rows });
  } catch (error) {
    console.error("Error fetching tools:", error);
    res.status(500).json({ error: "Internal server error" });
  }
});

// 根据token获取已设置的工具集
router.get("/token-tools/:token", async (req, res) => {
  try {
    const { token } = req.params;
    if (!token) {
      return res.status(400).json({ error: "缺少token参数" });
    }

    const sql = `
      SELECT tools_id
      FROM tools_token_set
      WHERE token = ?
      ORDER BY create_time DESC
    `;
    const rows = await executeQuery(sql, [token]);
    const toolsIds = rows.map((row) => row.tools_id);

    res.json({ tools_ids: toolsIds });
  } catch (error) {
    console.error("Error fetching token tools:", error);
    res.status(500).json({ error: "Internal server error" });
  }
});

// 保存用户的工具集：根据 user_name 查找启用的 token，然后把所选 tools_id 批量插入 tools_token_set
router.post("/save", async (req, res) => {
  try {
    const { user_name, tools_ids, token: payloadToken } = req.body;
    if (!user_name || !Array.isArray(tools_ids)) {
      return res.status(400).json({ error: "参数错误：需要 user_name 和 tools_ids 数组" });
    }

    // 优先使用请求体中的 token；若未提供则回退为该用户最新启用的 token
    let token = payloadToken;
    if (!token) {
      const tokenRows = await executeQuery(
        `SELECT token FROM tools_token WHERE user = ? AND status = 'enable' ORDER BY id DESC LIMIT 1`,
        [user_name]
      );
      if (!tokenRows || tokenRows.length === 0) {
        return res.status(404).json({ error: "未找到启用的用户token" });
      }
      token = tokenRows[0].token;
    }

    // 覆盖保存：先清空当前 token 下的旧设置
    await executeQuery(`DELETE FROM tools_token_set WHERE token = ?`, [token]);

    // 若本次没有选择工具，则直接返回成功（代表清空）
    if (!tools_ids || tools_ids.length === 0) {
      return res.json({ success: true, message: "已清空工具设置", token, count: 0 });
    }

    // 批量插入所选工具
    for (const tools_id of tools_ids) {
      await executeQuery(
        `INSERT INTO tools_token_set (token, tools_id, create_time) VALUES (?, ?, NOW())`,
        [token, tools_id]
      );
    }

    res.json({ success: true, message: "保存成功", token, count: tools_ids.length });
  } catch (error) {
    console.error("Error saving tools token set:", error);
    res.status(500).json({ error: "Internal server error" });
  }
});

// 新增用户：name, password, is_admin，并生成 token = MD5(name+password) 大写32位
router.post("/add-user", async (req, res) => {
  try {
    const { name, password, is_admin } = req.body;
    if (!name || !password || typeof is_admin === "undefined") {
      return res.status(400).json({ error: "缺少必要参数：name、password、is_admin" });
    }
    const raw = `${name}${password}`;
    const md5 = crypto.createHash("md5").update(raw).digest("hex").toUpperCase();

    // 检查是否已存在同名用户
    const existRows = await executeQuery(`SELECT id FROM user_info WHERE name = ? LIMIT 1`, [name]);
    if (existRows && existRows.length > 0) {
      return res.status(409).json({ error: "用户名已存在" });
    }

    const insertSql = `
      INSERT INTO user_info (status, name, is_admin, password, token, create_time)
      VALUES ('enable', ?, ?, ?, ?, NOW())
    `;
    await executeQuery(insertSql, [name, Number(is_admin) ? 1 : 0, password, md5]);

    res.json({ success: true, token: md5 });
  } catch (error) {
    console.error("Error adding user:", error);
    res.status(500).json({ error: "Internal server error" });
  }
});

module.exports = router;