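/**
 * Forgot password / reset password (web).
 * POST { phone, newPassword } -> updates the password stored for that phone number
 * (version without a verification code, intended for internal testing / internal use).
 *
 * NOTE(security): this handler asks for no proof that the caller owns the phone
 * number: no SMS code, reset token or session is checked. Any client that can
 * reach the route can therefore set the password of any registered number.
 * Keep it off publicly reachable deployments until a verification step is added.
 * No rate limiting or audit trail is visible in this handler either; confirm
 * whether middleware provides them.
 */
import { NextRequest, NextResponse } from 'next/server'
import { query } from '@/lib/db'
import { hashPassword } from '@/lib/password'

/**
 * Handles the password-reset POST request.
 *
 * @param request - Incoming request; the body is expected to be JSON of the form
 *   `{ phone, newPassword }`.
 * @returns A JSON response: 400 for missing or malformed input or a password
 *   shorter than 6 characters, 404 when the phone is not registered, 500 on an
 *   unexpected failure, otherwise `{ success: true, message }`.
 */
export async function POST(request: NextRequest) {
  // Single 400 response shared by every "input is missing or malformed" path.
  const missingFields = () =>
    NextResponse.json(
      { success: false, error: '请输入手机号和新密码' },
      { status: 400 }
    )

  try {
    // A body that is not valid JSON is a client error, not a server failure.
    let body: unknown
    try {
      body = await request.json()
    } catch {
      return missingFields()
    }
    // JSON `null` or a bare scalar cannot be destructured into the two fields.
    if (typeof body !== 'object' || body === null) {
      return missingFields()
    }

    const { phone, newPassword } = body as { phone?: unknown; newPassword?: unknown }
    if (!phone || !newPassword) {
      return missingFields()
    }

    // Accept only strings and numbers. An object or array would otherwise be
    // coerced by String() (e.g. to "[object Object]") and stored as the password.
    const isScalar = (value: unknown) =>
      typeof value === 'string' || typeof value === 'number'
    if (!isScalar(phone) || !isScalar(newPassword)) {
      return missingFields()
    }

    const trimmedPhone = String(phone).trim()
    // NOTE(review): the password is trimmed before hashing, so leading/trailing
    // whitespace is dropped; confirm login and registration normalize the same way.
    const trimmedPassword = String(newPassword).trim()

    // A whitespace-only phone can never match a user; treat it as missing.
    if (trimmedPhone === '') {
      return missingFields()
    }

    if (trimmedPassword.length < 6) {
      return NextResponse.json(
        { success: false, error: '密码至少 6 位' },
        { status: 400 }
      )
    }

    // Values are bound through placeholders, never concatenated into the SQL text.
    const rows = await query('SELECT id FROM users WHERE phone = ?', [trimmedPhone]) as any[]
    if (!rows || rows.length === 0) {
      // NOTE(security): this distinct 404 lets a caller tell registered numbers
      // from unregistered ones (account enumeration).
      return NextResponse.json(
        { success: false, error: '该手机号未注册' },
        { status: 404 }
      )
    }

    // NOTE(review): hashPassword is used synchronously here; confirm it does not
    // return a Promise, otherwise the Promise itself would be bound below.
    const hashed = hashPassword(trimmedPassword)
    // Only the password column and timestamp are updated; nothing in this handler
    // revokes sessions that were issued under the old password.
    await query('UPDATE users SET password = ?, updated_at = NOW() WHERE phone = ?', [
      hashed,
      trimmedPhone,
    ])

    return NextResponse.json({ success: true, message: '密码已重置,请使用新密码登录' })
  } catch (e) {
    // The client only ever sees a generic message; details stay in the server log.
    console.error('[Auth ResetPassword] error:', e)
    return NextResponse.json(
      { success: false, error: '重置失败' },
      { status: 500 }
    )
  }
}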