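const crypto = require('crypto');
const express = require('express');

const router = express.Router();
const User = require('../models/User');

// Reply used when request fields have the wrong type or are missing.
const INVALID_INPUT_MESSAGE = "Noto'g'ri ma'lumot kiritildi.";
// Generic reply for unexpected failures; the real error is only logged server-side.
const SERVER_ERROR_MESSAGE = 'Server xatosi.';
// Same reply for "no such user" and "wrong password" so the two cases look identical.
const BAD_CREDENTIALS_MESSAGE = "Telefon raqam yoki parol noto'g'ri.";

// Fields a client may change through PUT /profile/:id. Everything else
// (password, firebaseUid, _id, update operators, ...) is ignored.
// NOTE(review): extend this list if the User schema has other user-editable fields.
const EDITABLE_PROFILE_FIELDS = ['name', 'phone', 'email', 'photoURL'];

/** True only for a string with at least one character. */
function isNonEmptyString(value) {
  return typeof value === 'string' && value.length > 0;
}

/** True when the value is absent (undefined/null) or a string. */
function isOptionalString(value) {
  return value == null || typeof value === 'string';
}

/** Builds the user object returned to clients; never includes the password. */
function toPublicUser(user) {
  return { id: user._id, name: user.name, phone: user.phone, email: user.email };
}

// POST register
// Creates a user from name/phone/password (+ optional email).
// Password hashing is not visible here — presumably done by the User model; confirm.
router.post('/register', async (req, res) => {
  try {
    const { name, phone, password, email } = req.body || {};

    // Body values go straight into a MongoDB filter, so reject anything that is
    // not a plain string (e.g. { "$ne": null }) before it reaches the query.
    if (
      !isNonEmptyString(phone) ||
      !isNonEmptyString(password) ||
      !isOptionalString(name) ||
      !isOptionalString(email)
    ) {
      return res.status(400).json({ success: false, message: INVALID_INPUT_MESSAGE });
    }

    const existing = await User.findOne({ phone });
    if (existing) {
      return res.status(400).json({
        success: false,
        message: "Bu telefon raqam allaqachon ro'yxatdan o'tgan.",
      });
    }

    const user = new User({ name, phone, password, email: email || '' });
    await user.save();
    res.json({ success: true, user: toPublicUser(user) });
  } catch (err) {
    console.error('POST /register failed:', err);
    res.status(500).json({ success: false, message: SERVER_ERROR_MESSAGE });
  }
});

// POST login
// Accepts a phone number or an e-mail address in the `phone` field.
// NOTE(review): no rate limiting or lockout is visible in this file; confirm it is
// applied where the router is mounted.
router.post('/login', async (req, res) => {
  try {
    const { phone, password } = req.body || {};

    // Non-string credentials would be interpreted as query operators; treat them
    // exactly like a failed login.
    if (!isNonEmptyString(phone) || !isNonEmptyString(password)) {
      return res.status(401).json({ success: false, message: BAD_CREDENTIALS_MESSAGE });
    }

    // Support login by phone or email
    const user = await User.findOne({ $or: [{ phone }, { email: phone }] });
    if (!user) {
      return res.status(401).json({ success: false, message: BAD_CREDENTIALS_MESSAGE });
    }

    const isMatch = await user.comparePassword(password);
    if (!isMatch) {
      return res.status(401).json({ success: false, message: BAD_CREDENTIALS_MESSAGE });
    }

    // NOTE(review): no session or token is issued here, so later requests cannot
    // prove they come from this user.
    res.json({ success: true, user: toPublicUser(user) });
  } catch (err) {
    console.error('POST /login failed:', err);
    res.status(500).json({ success: false, message: SERVER_ERROR_MESSAGE });
  }
});

// GET current user profile
// NOTE(review): nothing in this file authenticates the caller, and `:id` is chosen
// by the caller. Unless middleware is applied where the router is mounted, any
// client can read any profile. Put this behind authentication and compare `:id`
// with the authenticated user's id.
router.get('/profile/:id', async (req, res) => {
  try {
    const user = await User.findById(req.params.id).select('-password');
    if (!user) return res.status(404).json({ error: 'Foydalanuvchi topilmadi' });
    res.json(user);
  } catch (err) {
    console.error('GET /profile/:id failed:', err);
    res.status(500).json({ error: SERVER_ERROR_MESSAGE });
  }
});

// PUT update profile
// NOTE(review): same missing-authorization concern as GET /profile/:id — the caller
// picks whose record is modified.
router.put('/profile/:id', async (req, res) => {
  try {
    const body = req.body || {};
    const updates = {};

    // Copy only allow-listed fields. Spreading the whole body would let a client
    // set password-adjacent or identity fields (e.g. firebaseUid) or pass update
    // operators; password changes are still not possible via this endpoint.
    for (const field of EDITABLE_PROFILE_FIELDS) {
      if (body[field] === undefined) continue;
      if (typeof body[field] !== 'string') {
        return res.status(400).json({ error: INVALID_INPUT_MESSAGE });
      }
      updates[field] = body[field];
    }

    const user = await User.findByIdAndUpdate(req.params.id, updates, { new: true }).select(
      '-password'
    );
    if (!user) return res.status(404).json({ error: 'Foydalanuvchi topilmadi' });
    res.json(user);
  } catch (err) {
    res.status(400).json({ error: err.message });
  }
});

// POST Google login (Firebase Auth)
// NOTE(review): uid and email are taken from the request body as-is. Nothing here
// verifies a Firebase ID token, so the server cannot tell whether the caller really
// owns that identity. The token should be verified server-side and uid/email taken
// from the verified claims before an account is matched or linked.
router.post('/google-login', async (req, res) => {
  try {
    const { uid, name, email, phone, photoURL } = req.body || {};

    if (
      !isNonEmptyString(uid) ||
      !isOptionalString(name) ||
      !isOptionalString(email) ||
      !isOptionalString(phone) ||
      !isOptionalString(photoURL)
    ) {
      return res.status(400).json({ success: false, message: INVALID_INPUT_MESSAGE });
    }

    // Match by Firebase UID, and by e-mail only when one was actually supplied:
    // an empty or missing e-mail must not match accounts stored with email ''.
    const conditions = [{ firebaseUid: uid }];
    if (isNonEmptyString(email)) conditions.push({ email });

    let user = await User.findOne({ $or: conditions });

    if (user) {
      // Update existing user
      user.firebaseUid = uid;
      user.name = name || user.name;
      if (photoURL) user.photoURL = photoURL;
      await user.save();
    } else {
      // Create new user. The password field gets a random value nobody knows, so
      // the account cannot be opened through POST /login with a guessable
      // password derived from the uid.
      user = new User({
        name,
        email: email || '',
        phone: phone || '',
        password: crypto.randomBytes(32).toString('hex'),
        firebaseUid: uid,
        photoURL: photoURL || '',
      });
      await user.save();
    }

    res.json({
      success: true,
      user: { ...toPublicUser(user), photoURL: user.photoURL },
    });
  } catch (err) {
    console.error('POST /google-login failed:', err);
    res.status(500).json({ success: false, message: SERVER_ERROR_MESSAGE });
  }
});

module.exports = router;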