costco-grocery-list/backend/controllers/users.controller.js


const User = require("../models/user.model");
const bcrypt = require("bcryptjs");
/**
 * Smoke-test endpoint: writes a fixed line to the console and returns the
 * same text to the client as `{ message }`.
 *
 * @param {object} req - Express-style request (not read).
 * @param {object} res - Express-style response used to send the JSON body.
 */
exports.test = async (req, res) => {
  const message = "User route is working";
  console.log(message);
  res.json({ message });
};
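/**
 * Respond with whatever `User.getAllUsers()` resolves to, as JSON.
 *
 * A rejected model call is caught and reported as a 500 so the request does
 * not hang on an unhandled promise rejection, matching the other handlers in
 * this controller.
 *
 * NOTE(review): this handler neither checks the caller's role nor filters
 * fields. Presumably the route is gated by admin middleware and the model
 * omits password hashes from its result — confirm both.
 *
 * @param {object} req - Express-style request (not read).
 * @param {object} res - Express-style response.
 */
exports.getAllUsers = async (req, res) => {
  try {
    const users = await User.getAllUsers();
    res.json(users);
  } catch (err) {
    console.error("Error getting users:", err);
    res.status(500).json({ error: "Failed to get users" });
  }
};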
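/**
 * Set the role of the user named in the request body.
 *
 * Reads `id` and `role` from `req.body`. Responds 400 when `role` is not one
 * of the values in `User.ROLES`, 404 when `User.updateUserRole` returns a
 * falsy result, 500 on any thrown error, and otherwise echoes `id` and `role`.
 *
 * NOTE(review): no authorization check happens here. Presumably the route is
 * restricted to administrators by middleware — confirm, since this endpoint
 * can grant any role to any user id.
 *
 * @param {object} req - Express-style request; `req.body` carries `id`, `role`.
 * @param {object} res - Express-style response.
 */
exports.updateUserRole = async (req, res) => {
  try {
    const { id, role } = req.body;

    if (!Object.values(User.ROLES).includes(role)) {
      return res.status(400).json({ error: "Invalid role" });
    }

    // Logged only once `role` is known to be valid, and as an object rather
    // than interpolated text: the console formatter quotes and escapes string
    // values, so control characters in the client-supplied `id` cannot forge
    // extra log lines.
    console.log("Updating user role:", { id, role });

    const updated = await User.updateUserRole(id, role);
    if (!updated) {
      return res.status(404).json({ error: "User not found" });
    }

    res.json({ message: "Role updated", id, role });
  } catch (err) {
    // Record the failure server-side; the client only sees a generic message.
    console.error("Error updating user role:", err);
    res.status(500).json({ error: "Failed to update role" });
  }
};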
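/**
 * Delete the user whose id is given in the route parameters.
 *
 * Responds 404 when `User.deleteUser` returns a falsy result, 500 on any
 * thrown error, and otherwise confirms the deletion with the id.
 *
 * NOTE(review): no authorization check happens here. Presumably the route is
 * restricted by middleware — confirm who may delete which accounts.
 *
 * @param {object} req - Express-style request; `req.params.id` is the target.
 * @param {object} res - Express-style response.
 */
exports.deleteUser = async (req, res) => {
  try {
    const { id } = req.params;
    const deleted = await User.deleteUser(id);

    if (!deleted) {
      return res.status(404).json({ error: "User not found" });
    }

    res.json({ message: "User deleted", id });
  } catch (err) {
    // Keep a server-side record of the failure; the original catch discarded
    // the error, leaving failed deletions invisible in the logs.
    console.error("Error deleting user:", err);
    res.status(500).json({ error: "Failed to delete user" });
  }
};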
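/**
 * Report whether a username is already taken.
 *
 * Reads `username` from the query string and responds with the value that
 * `User.checkIfUserExists` resolves to. A `username` that is present but not
 * a plain string is rejected with 400; a thrown error yields 500.
 *
 * NOTE(review): by design this endpoint reveals which usernames are
 * registered. If it is reachable without authentication, rate limiting at
 * the route level is worth confirming.
 *
 * @param {object} req - Express-style request; `req.query.username` is read.
 * @param {object} res - Express-style response.
 */
exports.checkIfUserExists = async (req, res) => {
  try {
    const { username } = req.query;

    // Query-string parsers can turn `username[]=a` or `username[k]=v` into an
    // array or object. Only a single string value (or an absent parameter,
    // which is passed through unchanged) is handed to the model.
    if (username !== undefined && typeof username !== "string") {
      return res.status(400).json({ error: "Username must be a string" });
    }

    const exists = await User.checkIfUserExists(username);
    res.json(exists);
  } catch (err) {
    console.error("Error checking username:", err);
    res.status(500).json({ error: "Failed to check username" });
  }
};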
/**
 * Return the profile of the authenticated caller.
 *
 * The id comes from `req.user.id`, never from client-supplied parameters.
 * Responds 404 when `User.getUserById` yields nothing and 500 when anything
 * in the lookup throws.
 *
 * @param {object} req - Express-style request; `req.user.id` is read.
 * @param {object} res - Express-style response.
 */
exports.getCurrentUser = async (req, res) => {
  try {
    const profile = await User.getUserById(req.user.id);

    if (profile) {
      res.json(profile);
    } else {
      return res.status(404).json({ error: "User not found" });
    }
  } catch (err) {
    console.error("Error getting current user:", err);
    res.status(500).json({ error: "Failed to get user profile" });
  }
};
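/**
 * Update the display name of the authenticated caller.
 *
 * The target id comes from `req.user.id`; only `display_name` is read from
 * the body. Responds 400 for a missing, blank, non-string or over-long name,
 * 404 when `User.updateUserProfile` returns a falsy result, and 500 on any
 * thrown error.
 *
 * @param {object} req - Express-style request; reads `req.user.id` and
 *   `req.body.display_name`.
 * @param {object} res - Express-style response.
 */
exports.updateCurrentUser = async (req, res) => {
  try {
    const userId = req.user.id;
    const { display_name } = req.body;

    // A JSON body can carry a number, array or object here. Calling `.trim()`
    // on those throws and used to surface as a 500; reject them as bad input.
    if (display_name != null && typeof display_name !== "string") {
      return res.status(400).json({ error: "Display name must be a string" });
    }

    const trimmedName = typeof display_name === "string" ? display_name.trim() : "";

    if (trimmedName.length === 0) {
      return res.status(400).json({ error: "Display name is required" });
    }

    // The limit is applied to the trimmed value because that is what gets
    // stored; surrounding whitespace no longer counts against it.
    if (trimmedName.length > 100) {
      return res.status(400).json({ error: "Display name must be 100 characters or less" });
    }

    const updated = await User.updateUserProfile(userId, { display_name: trimmedName });
    if (!updated) {
      return res.status(404).json({ error: "User not found" });
    }

    res.json({ message: "Profile updated successfully", user: updated });
  } catch (err) {
    console.error("Error updating user profile:", err);
    res.status(500).json({ error: "Failed to update profile" });
  }
};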
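/**
 * Change the password of the authenticated caller.
 *
 * Flow: validate the two body fields, load the stored hash for `req.user.id`,
 * verify `current_password` against it with bcrypt, hash `new_password` with
 * a fresh salt (cost 10), then store the new hash.
 *
 * Responses: 400 for missing, non-string or too-short input; 404 when no
 * hash is found for the user; 401 when the current password does not match;
 * 500 on any thrown error.
 *
 * NOTE(review): the 6-character minimum is kept as-is, but it is below the
 * 8-character floor in NIST SP 800-63B. bcrypt also only uses the first 72
 * bytes of its input, so an upper bound on `new_password` may be worth adding.
 * NOTE(review): nothing here revokes existing sessions or tokens after the
 * change, and no attempt limiting is visible — confirm both are handled
 * elsewhere.
 *
 * @param {object} req - Express-style request; reads `req.user.id`,
 *   `req.body.current_password` and `req.body.new_password`.
 * @param {object} res - Express-style response.
 */
exports.changePassword = async (req, res) => {
  try {
    const userId = req.user.id;
    const { current_password, new_password } = req.body;

    if (!current_password || !new_password) {
      return res.status(400).json({ error: "Current password and new password are required" });
    }

    // A JSON body can supply arrays or objects. An array of six items would
    // pass the length check below and then make bcrypt throw, turning bad
    // input into a 500. Insist on strings before going further.
    if (typeof current_password !== "string" || typeof new_password !== "string") {
      return res.status(400).json({ error: "Passwords must be strings" });
    }

    if (new_password.length < 6) {
      return res.status(400).json({ error: "New password must be at least 6 characters" });
    }

    const currentHash = await User.getUserPasswordHash(userId);
    if (!currentHash) {
      return res.status(404).json({ error: "User not found" });
    }

    // Knowing the current password is required even though the caller is
    // already authenticated, so a borrowed session cannot reset it.
    const isValidPassword = await bcrypt.compare(current_password, currentHash);
    if (!isValidPassword) {
      return res.status(401).json({ error: "Current password is incorrect" });
    }

    const salt = await bcrypt.genSalt(10);
    const hashedPassword = await bcrypt.hash(new_password, salt);

    await User.updateUserPassword(userId, hashedPassword);
    res.json({ message: "Password changed successfully" });
  } catch (err) {
    // `err` comes from the model or bcrypt; the request body (which holds
    // the plaintext passwords) is deliberately not logged.
    console.error("Error changing password:", err);
    res.status(500).json({ error: "Failed to change password" });
  }
};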