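const {User} = require('../models');
const argon2 = require('argon2');
const { Op } = require('sequelize');

// NOTE(review): no handler in this file checks who the caller is. Authentication
// and authorization (for example, who may list, delete or restore users, or set
// `role`) are assumed to be enforced by route middleware outside this file — confirm.

/**
 * Returns a plain copy of a user record without its password hash, so the hash
 * is never serialized into an HTTP response.
 *
 * @param {object} user - A Sequelize model instance or a plain object.
 * @returns {object} The user's fields minus `password`.
 */
function toPublicUser(user) {
  const plain = typeof user.toJSON === 'function' ? user.toJSON() : { ...user };
  const { password: _omitted, ...publicFields } = plain;
  return publicFields;
}

/**
 * Logs an unexpected error on the server and sends a generic 500 response.
 * The raw error object is not returned to the client because database errors
 * can carry internal details (for example the SQL text and its parameters).
 *
 * @param {object} res - Express response.
 * @param {string} message - Message sent to the client and written to the log.
 * @param {unknown} error - The caught error; logged only.
 */
function sendServerError(res, message, error) {
  console.error(message, error);
  res.status(500).json({ message });
}

/**
 * True when the value is a string with at least one character. Used to reject
 * objects and arrays supplied where a scalar credential or lookup key is expected.
 *
 * @param {unknown} value
 * @returns {boolean}
 */
function isNonEmptyString(value) {
  return typeof value === 'string' && value.length > 0;
}

/**
 * Lists all users, without their password hashes.
 */
exports.getAllUsers = async (req, res) => {
  try {
    const users = await User.findAll({ attributes: { exclude: ['password'] } });
    res.status(200).json(users);
  } catch (error) {
    sendServerError(res, 'Error retrieving users', error);
  }
};

/**
 * Returns one user by primary key (`req.params.id`), without the password hash.
 * Responds 404 when no such user exists.
 */
exports.getUserById = async (req, res) => {
  try {
    const user = await User.findByPk(req.params.id, { attributes: { exclude: ['password'] } });
    if (!user) return res.status(404).json({ message: 'User not found' });

    res.status(200).json(user);
  } catch (error) {
    sendServerError(res, 'Error retrieving user', error);
  }
};

/**
 * Creates a user and stores the password as an Argon2 hash.
 * Responds 400 when email or password is missing or not a string, or when the
 * email is already registered; 201 with the new user (no password hash) on success.
 */
exports.createUser = async (req, res) => {
  try {
    const { name, email, password, alamat, nomorTelepon, role } = req.body || {};

    // Reject non-string values before they reach the query or the hasher.
    if (!isNonEmptyString(email) || !isNonEmptyString(password)) {
      return res.status(400).json({ message: 'Email and password are required' });
    }

    // Check whether the email is already registered.
    // NOTE(review): check-then-insert is not atomic; a unique constraint on the
    // email column is presumably what actually guarantees uniqueness — confirm.
    const existingUser = await User.findOne({ where: { email } });
    if (existingUser) return res.status(400).json({ message: 'Email already exists' });

    const hashedPassword = await argon2.hash(password);

    // NOTE(review): `role` is taken straight from the request body. If this route
    // is reachable by unprivileged callers they can choose their own role; restrict
    // it to privileged callers or ignore the field for self-registration.
    const newUser = await User.create({
      name,
      email,
      password: hashedPassword,
      alamat,
      nomorTelepon,
      role,
    });

    res.status(201).json({ message: 'User created successfully', user: toPublicUser(newUser) });
  } catch (error) {
    sendServerError(res, 'Error creating user', error);
  }
};

/**
 * Updates a user's profile fields by primary key (`req.params.id`).
 * Responds 404 when the user does not exist; the response omits the password hash.
 */
exports.updateUser = async (req, res) => {
  try {
    const { name, email, alamat, nomorTelepon, role } = req.body || {};

    const user = await User.findByPk(req.params.id);
    if (!user) return res.status(404).json({ message: 'User not found' });

    // NOTE(review): `role` is writable from the request body here as well; make
    // sure only privileged callers can reach this handler.
    await user.update({ name, email, alamat, nomorTelepon, role });

    res.status(200).json({ message: 'User updated successfully', user: toPublicUser(user) });
  } catch (error) {
    sendServerError(res, 'Error updating user', error);
  }
};

/**
 * Updates a user looked up by the email in the request body; optionally sets a
 * new password. Fields that are absent or falsy keep their current value.
 *
 * NOTE(review): the target account is selected by an email supplied in the body
 * and the password is replaced without verifying the current one. Unless the
 * route binds the request to the authenticated owner of that email, any caller
 * can reset another account's password — confirm the route's access control.
 */
exports.updateUserEmail = async (req, res) => {
  try {
    const { email, name, alamat, nomorTelepon, newPassword } = req.body || {};

    if (!isNonEmptyString(email)) {
      return res.status(400).json({ message: "Email harus disertakan" });
    }

    // A truthy non-string newPassword would otherwise fail inside the hasher.
    if (newPassword && typeof newPassword !== 'string') {
      return res.status(400).json({ message: "Password baru tidak valid" });
    }

    const user = await User.findOne({ where: { email } });
    if (!user) {
      return res.status(404).json({ message: "User tidak ditemukan" });
    }

    // Keep the stored hash unless a new password was supplied.
    const hashedPassword = newPassword ? await argon2.hash(newPassword) : user.password;

    await user.update({
      name: name || user.name,
      alamat: alamat || user.alamat,
      nomorTelepon: nomorTelepon || user.nomorTelepon,
      password: hashedPassword,
    });

    res.status(200).json({ message: "User berhasil diperbarui", user: toPublicUser(user) });
  } catch (error) {
    sendServerError(res, "Terjadi kesalahan pada server", error);
  }
};

/**
 * Deletes a user by primary key (`req.params.id`).
 * The original comment describes this as a soft delete; that depends on the
 * model being configured as paranoid, which is not visible in this file.
 */
exports.deleteUser = async (req, res) => {
  try {
    const user = await User.findByPk(req.params.id);
    if (!user) return res.status(404).json({ message: 'User not found' });

    await user.destroy();
    res.status(200).json({ message: 'User deleted successfully' });
  } catch (error) {
    sendServerError(res, 'Error deleting user', error);
  }
};

/**
 * Restores a previously soft-deleted user by id (`req.params.id`).
 * The lookup passes `paranoid: false` so soft-deleted rows are included.
 */
exports.restoreUser = async (req, res) => {
  try {
    const user = await User.findOne({
      where: { id: req.params.id },
      paranoid: false,
    });
    if (!user) return res.status(404).json({ message: 'User not found' });

    await user.restore();
    res.status(200).json({ message: 'User restored successfully' });
  } catch (error) {
    sendServerError(res, 'Error restoring user', error);
  }
};

/**
 * Verifies an email/password pair against the stored Argon2 hash.
 * Responds 400 when either field is missing or not a string.
 *
 * NOTE(review): the distinct 404 ('User not found') and 400 ('Invalid password')
 * responses let a caller learn which emails are registered. They are kept as-is
 * so existing clients do not break; consider a single generic failure response.
 * No attempt throttling is visible in this file either — confirm it exists upstream.
 */
exports.verifyPassword = async (req, res) => {
  try {
    const { email, password } = req.body || {};

    if (!isNonEmptyString(email) || !isNonEmptyString(password)) {
      return res.status(400).json({ message: 'Email and password are required' });
    }

    const user = await User.findOne({ where: { email } });
    if (!user) return res.status(404).json({ message: 'User not found' });

    const validPassword = await argon2.verify(user.password, password);
    if (!validPassword) return res.status(400).json({ message: 'Invalid password' });

    res.status(200).json({ message: 'Login successful' });
  } catch (error) {
    sendServerError(res, 'Error verifying password', error);
  }
};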