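/**
 * User management API (`/api/users`): CRUD over the `users` table.
 *
 * SECURITY (review): no authentication or authorization check is visible in
 * this file. GET can look up any user by id/phone/openId, PUT can set the
 * privileged columns (is_admin, has_full_book, earnings, pending_earnings,
 * purchased_sections) on any id, and DELETE removes any id. Unless a
 * middleware outside this file gates these routes — confirm — this is broken
 * access control and must be fixed before the routes are exposed.
 *
 * Changes from the previous revision: database error messages are no longer
 * echoed to the client; POST ignores a client-supplied `is_admin`; user ids
 * and referral codes come from `node:crypto`; PUT checks phone uniqueness.
 */
import { createHash, randomInt } from 'node:crypto'
import { NextRequest, NextResponse } from 'next/server'
import { query } from '@/lib/db'
import { hashPassword } from '@/lib/password'

/** A raw row from the `users` table; only part of the schema is known here. */
type UserRow = Record<string, unknown>

/** Alphabet for referral codes (upper-case) and user id suffixes (lower-case). */
const CODE_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'

/** Columns returned by the list endpoint — deliberately excludes `password`. */
const LIST_COLUMNS = [
  'id', 'open_id', 'nickname', 'phone', 'wechat_id', 'avatar', 'referral_code',
  'has_full_book', 'is_admin', 'earnings', 'pending_earnings', 'referral_count',
  'match_count_today', 'last_match_date', 'created_at', 'updated_at',
].join(', ')

/** How many referral-code candidates POST tries before giving up. */
const REFERRAL_CODE_ATTEMPTS = 5

/** Minimum accepted password length in characters, after trimming. */
const MIN_PASSWORD_LENGTH = 6

/** Returns `len` characters drawn uniformly from CODE_ALPHABET via the CSPRNG. */
function randomCode(len: number): string {
  let out = ''
  for (let i = 0; i < len; i++) {
    out += CODE_ALPHABET.charAt(randomInt(CODE_ALPHABET.length))
  }
  return out
}

/**
 * Generates a user id: `user_` + base-36 timestamp + 9 random alphanumerics
 * (same shape and length as before). The random part now comes from
 * `crypto.randomInt` instead of `Math.random`: the id is the only key PUT and
 * DELETE use to select a row, so it must not be predictable from the creation
 * time.
 */
function generateUserId(): string {
  return 'user_' + Date.now().toString(36) + randomCode(9).toLowerCase()
}

/**
 * Derives a referral code (`SOUL` + 4 chars of A-Z0-9) deterministically from
 * `seed`. SHA-256 spreads the seed across the whole 36^4 space; the previous
 * char-code sum made every character depend only on `sum % 36`, so at most 36
 * distinct codes could ever be produced. Reducing a byte mod 36 has a small
 * bias, which is acceptable because codes are identifiers, not secrets.
 */
function generateReferralCode(seed: string): string {
  const digest = createHash('sha256').update(seed, 'utf8').digest()
  let code = 'SOUL'
  for (let i = 0; i < 4; i++) {
    code += CODE_ALPHABET.charAt(digest.readUInt8(i) % CODE_ALPHABET.length)
  }
  return code
}

/** Strips the password hash from a row before it leaves the server. */
function omitPassword(row: UserRow | undefined): UserRow | undefined {
  if (!row) return row
  const { password: _password, ...rest } = row
  return rest
}

/**
 * Looks up one user by exact match on `column`. `column` is a fixed literal
 * chosen by the handler, never client input; `value` is always bound as a
 * parameter.
 */
async function findUserBy(column: 'id' | 'phone' | 'open_id', value: string): Promise<UserRow | undefined> {
  const rows = await query(`SELECT * FROM users WHERE ${column} = ?`, [value]) as UserRow[]
  return rows[0]
}

/**
 * Picks a referral code for a new user. The code is derived from `seed`; if it
 * is already in use the seed is salted with the attempt number and retried, so
 * a collision does not fail the INSERT (this assumes `referral_code` is
 * unique-constrained — confirm against the schema).
 * @throws Error when every attempt collided.
 */
async function allocateReferralCode(seed: string): Promise<string> {
  for (let attempt = 0; attempt < REFERRAL_CODE_ATTEMPTS; attempt++) {
    const candidate = generateReferralCode(attempt === 0 ? seed : `${seed}#${attempt}`)
    const taken = await query('SELECT id FROM users WHERE referral_code = ?', [candidate]) as UserRow[]
    if (taken.length === 0) return candidate
  }
  throw new Error(`could not allocate a unique referral code after ${REFERRAL_CODE_ATTEMPTS} attempts`)
}

/** Builds a `{ success: false, error }` JSON response with the given status. */
function errorResponse(error: string, status: number) {
  return NextResponse.json({ success: false, error }, { status })
}

/**
 * GET /api/users
 * `?id=`, `?phone=` or `?openId=` (checked in that order) return one user;
 * with no query parameter the newest 500 users are listed. The password hash
 * is never included. Database errors are logged server-side only — the
 * previous revision returned `error.message` to the client, which leaks
 * driver/schema details.
 */
export async function GET(request: NextRequest) {
  const { searchParams } = new URL(request.url)
  const lookups = [
    ['id', searchParams.get('id')],
    ['phone', searchParams.get('phone')],
    ['open_id', searchParams.get('openId')],
  ] as const

  try {
    // Single-user lookup: the first non-empty parameter wins, as before.
    for (const [column, value] of lookups) {
      if (!value) continue
      const user = await findUserBy(column, value)
      if (user) {
        return NextResponse.json({ success: true, user: omitPassword(user) })
      }
      return errorResponse('用户不存在', 404)
    }

    // Listing: explicit column list so the hash can never be selected.
    const users = await query(
      `SELECT ${LIST_COLUMNS} FROM users ORDER BY created_at DESC LIMIT 500`
    ) as UserRow[]
    return NextResponse.json({ success: true, users, total: users.length })
  } catch (error: unknown) {
    console.error('[Users API] GET错误:', error)
    return errorResponse('获取用户失败', 500)
  }
}

/**
 * POST /api/users — registration.
 * Body: `{ openId?, phone?, nickname?, password?, wechatId?, avatar?, referredBy? }`.
 * Returns the existing account (`isNew: false`) when `openId` is already
 * registered, 400 when `phone` is already registered, otherwise creates the
 * user and returns it (`isNew: true`). The password hash is never returned.
 *
 * `is_admin` in the body is ignored: a self-registration endpoint must not let
 * the caller mint admin accounts (the previous revision inserted it verbatim).
 * Grant admin through an authorized update path instead.
 */
export async function POST(request: NextRequest) {
  try {
    const body = await request.json()
    const { openId, phone, nickname, password, wechatId, avatar, referredBy } = body

    // Password is optional (WeChat-only accounts). When one is supplied it
    // must meet the minimum length; the previous revision silently stored
    // NULL for a short password, leaving the account password-less without
    // telling the caller.
    const rawPassword = typeof password === 'string' ? password.trim() : ''
    if (rawPassword.length > 0 && rawPassword.length < MIN_PASSWORD_LENGTH) {
      return errorResponse('密码长度至少为6位', 400)
    }
    const passwordToStore = rawPassword ? hashPassword(rawPassword) : null

    if (openId) {
      // SECURITY (review): returning the existing record here hands the
      // account to anyone who knows its openId, with no proof of ownership.
      // Confirm that openId only ever originates server-side (e.g. from the
      // WeChat code exchange) and is not accepted from the browser.
      const existing = await findUserBy('open_id', openId)
      if (existing) {
        return NextResponse.json({ success: true, user: omitPassword(existing), isNew: false })
      }
    }
    if (phone) {
      if (await findUserBy('phone', phone)) {
        return errorResponse('该手机号已注册', 400)
      }
    }

    const userId = generateUserId()
    const referralCode = await allocateReferralCode(openId || phone || userId)

    await query(`
      INSERT INTO users (
        id, open_id, phone, nickname, password, wechat_id, avatar,
        referral_code, referred_by, has_full_book, is_admin,
        earnings, pending_earnings, referral_count
      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, FALSE, FALSE, 0, 0, 0)
    `, [
      userId,
      openId || null,
      phone || null,
      nickname || '用户' + userId.slice(-4),
      passwordToStore,
      wechatId || null,
      avatar || null,
      referralCode,
      referredBy || null,
    ])

    const created = await findUserBy('id', userId)
    return NextResponse.json({
      success: true,
      user: omitPassword(created),
      isNew: true,
      message: '用户创建成功',
    })
  } catch (error: unknown) {
    console.error('[Users API] POST错误:', error)
    return errorResponse('创建用户失败', 500)
  }
}

/**
 * PUT /api/users — partial update of one user.
 * Body: `{ id, nickname?, phone?, wechatId?, avatar?, password?, has_full_book?,
 * is_admin?, purchasedSections?, earnings?, pending_earnings? }`; only fields
 * that are present (not `undefined`) are written. A new `phone` must not
 * belong to another user (the previous revision skipped this check, which
 * POST performs). `earnings`/`pending_earnings` must be numeric. An empty or
 * null `password` clears the hash; a non-empty one is hashed and must meet
 * the same minimum length as registration.
 *
 * SECURITY (review): `is_admin`, `has_full_book`, `earnings`,
 * `pending_earnings` and `purchasedSections` are privilege/billing columns.
 * Nothing in this file restricts who may set them — confirm an authorization
 * layer does, or split them out of the self-service update.
 */
export async function PUT(request: NextRequest) {
  try {
    const body = await request.json()
    const {
      id, nickname, phone, wechatId, avatar, password,
      has_full_book, is_admin, purchasedSections, earnings, pending_earnings,
    } = body

    if (!id) {
      return errorResponse('用户ID不能为空', 400)
    }

    // Numeric columns: reject garbage up front instead of surfacing a DB error.
    for (const value of [earnings, pending_earnings]) {
      if (value !== undefined && !Number.isFinite(Number(value))) {
        return errorResponse('收益必须为有效数字', 400)
      }
    }

    // Phone uniqueness across *other* accounts, matching POST.
    if (phone !== undefined && phone) {
      const clash = await query('SELECT id FROM users WHERE phone = ? AND id <> ?', [phone, id]) as UserRow[]
      if (clash.length > 0) {
        return errorResponse('该手机号已注册', 400)
      }
    }

    let trimmedPassword: string | null = null
    if (password !== undefined) {
      trimmedPassword = password == null ? '' : String(password).trim()
      if (trimmedPassword !== '' && trimmedPassword.length < MIN_PASSWORD_LENGTH) {
        return errorResponse('密码长度至少为6位', 400)
      }
    }

    const updates: string[] = []
    const values: unknown[] = []
    // Column names below are literals chosen here, never taken from the body.
    const set = (column: string, value: unknown) => {
      updates.push(`${column} = ?`)
      values.push(value)
    }

    if (nickname !== undefined) set('nickname', nickname)
    if (phone !== undefined) set('phone', phone)
    if (wechatId !== undefined) set('wechat_id', wechatId)
    if (avatar !== undefined) set('avatar', avatar)
    if (password !== undefined) {
      // Empty/null clears the password; otherwise store the hash, never plaintext.
      set('password', trimmedPassword === '' ? null : hashPassword(trimmedPassword as string))
    }
    if (has_full_book !== undefined) set('has_full_book', has_full_book)
    if (is_admin !== undefined) set('is_admin', is_admin)
    if (purchasedSections !== undefined) set('purchased_sections', JSON.stringify(purchasedSections))
    if (earnings !== undefined) set('earnings', Number(earnings))
    if (pending_earnings !== undefined) set('pending_earnings', Number(pending_earnings))

    if (updates.length === 0) {
      return errorResponse('没有需要更新的字段', 400)
    }

    values.push(id)
    await query(`UPDATE users SET ${updates.join(', ')}, updated_at = NOW() WHERE id = ?`, values)
    return NextResponse.json({ success: true, message: '用户更新成功' })
  } catch (error: unknown) {
    console.error('[Users API] PUT错误:', error)
    return errorResponse('更新用户失败', 500)
  }
}

/**
 * DELETE /api/users?id=…
 * Deletes the row with the given id. Reports success even when no row
 * matched, as before (the driver's affected-row count is not inspected).
 *
 * SECURITY (review): any caller can delete any id; see the file header.
 */
export async function DELETE(request: NextRequest) {
  const { searchParams } = new URL(request.url)
  const id = searchParams.get('id')

  if (!id) {
    return errorResponse('用户ID不能为空', 400)
  }

  try {
    await query('DELETE FROM users WHERE id = ?', [id])
    return NextResponse.json({ success: true, message: '用户删除成功' })
  } catch (error: unknown) {
    console.error('[Users API] DELETE错误:', error)
    return errorResponse('删除用户失败', 500)
  }
}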