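import express from "express";
import u from "@/utils";
import { success, error } from "@/lib/responseFormat";
import { validateFields } from "@/middleware/middleware";
import { z } from "zod";
import { createAuthToken, getTokenKey, publicUser } from "@/lib/auth";
import { hashPassword, isHashedPassword, verifyPassword } from "@/lib/password";

const router = express.Router();

// One failure message for every credential problem (unknown account, wrong
// password, empty input). Distinct messages would let a caller tell which
// usernames / phone numbers are registered.
const INVALID_CREDENTIALS = "用户名或密码错误";

/**
 * POST / — login.
 *
 * Looks the account up by `name` or `phone`, checks the submitted password
 * with verifyPassword, and on success returns the public user fields plus a
 * "Bearer <token>" string.
 *
 * Responses:
 *   200 success({ token, ...publicUser })  — credentials accepted
 *   400 error(INVALID_CREDENTIALS)         — any credential failure
 *   400 error("未找到tokenKey")             — getTokenKey() returned nothing
 *
 * NOTE(review): no attempt throttling or lockout is visible in this file;
 * confirm it is enforced elsewhere (middleware / gateway).
 */
export default router.post(
  "/",
  validateFields({
    username: z.string(),
    password: z.string(),
  }),
  async (req, res, next) => {
    try {
      const username = String(req.body.username || "").trim();
      const password = String(req.body.password || "");

      // z.string() accepts "", and an empty identifier would be compared
      // against the phone column as well as the name column, so reject
      // empty credentials before touching the database.
      if (username === "" || password === "") {
        return res.status(400).send(error(INVALID_CREDENTIALS));
      }

      const data = await u
        .db("o_user")
        .where("name", "=", username)
        .orWhere("phone", username)
        .first();

      // Same response as a wrong password, so the reply does not reveal
      // whether the account exists.
      // TODO(review): this path skips verifyPassword, so response time can
      // still differ from the wrong-password path; equalising it needs a
      // verification against a fixed dummy hash in the stored format.
      if (!data) {
        return res.status(400).send(error(INVALID_CREDENTIALS));
      }

      const validPassword = await verifyPassword(password, data.password);
      if (!validPassword) {
        return res.status(400).send(error(INVALID_CREDENTIALS));
      }

      const tokenKey = await getTokenKey();
      // NOTE(review): a missing key is a server-side configuration problem,
      // not a client error; status and message are kept for existing callers.
      if (!tokenKey) {
        return res.status(400).send(error("未找到tokenKey"));
      }

      // Upgrade-on-login: a stored value that isHashedPassword rejects is
      // replaced with hashPassword(password) now that the password is known
      // to be correct. Presumably verifyPassword accepts such legacy values;
      // confirm in @/lib/password.
      if (!isHashedPassword(data.password)) {
        await u
          .db("o_user")
          .where("id", data.id)
          .update({ password: await hashPassword(password) });
      }

      // publicUser() selects what leaves the server; the raw row (including
      // the stored password value) is never put in the response.
      const user = publicUser(data);
      const token = createAuthToken(user, tokenKey);
      return res.status(200).send(success({ token: `Bearer ${token}`, ...user }, "登录成功"));
    } catch (err) {
      // Hand database / hashing failures to the Express error handler
      // instead of leaving a rejected promise from the async handler.
      return next(err);
    }
  },
);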