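import bcrypt from 'bcrypt';
import jwt from 'jsonwebtoken';
import { prisma } from '../prisma.js';

/**
 * True only for a non-empty string primitive.
 *
 * req.body comes from the client, so a JSON body can carry objects or arrays
 * where a string is expected. An object placed in a Prisma `where` clause is
 * read as a filter expression, and bcrypt rejects non-string input by
 * throwing, so every credential field is pinned to a plain string before use.
 *
 * @param {unknown} value - Candidate field taken from the request body.
 * @returns {boolean} Whether the value is a string with at least one character.
 */
const isNonEmptyString = (value) => typeof value === 'string' && value.length > 0;

/**
 * Signs the token returned by both handlers: payload `{ id }`, 7-day expiry,
 * keyed with process.env.JWT_SECRET.
 *
 * NOTE(review): nothing in this file checks that JWT_SECRET is set or revokes
 * issued tokens; confirm both are handled elsewhere.
 *
 * @param {*} userId - Primary key of the authenticated user.
 * @returns {string} Signed JWT.
 */
const signToken = (userId) =>
  jwt.sign({ id: userId }, process.env.JWT_SECRET, { expiresIn: '7d' });

/**
 * POST handler: authenticates a user by email and password.
 *
 * Responds 400 when a field is missing, empty or not a string, 400 with a
 * generic message when the credentials do not match, and 200 with the user's
 * id, username, email and a fresh token on success.
 *
 * @param {object} req - Express request; reads `req.body.email` and `req.body.password`.
 * @param {object} res - Express response.
 * @returns {Promise<*>} Resolves once a response has been sent.
 */
export const login = async (req, res) => {
  // A missing body (no parser, wrong content type) is treated as empty fields.
  const { email, password } = req.body || {};

  // Type check, not just truthiness: keeps filter objects out of the query
  // below and non-strings out of bcrypt.compare.
  if (!isNonEmptyString(email) || !isNonEmptyString(password)) {
    return res.status(400).json({ error: 'All fields are required' });
  }

  const user = await prisma.user.findFirst({ where: { email } });

  // Same message for "no such user" and "wrong password" so the response body
  // does not reveal which emails are registered.
  // NOTE(review): bcrypt.compare only runs when the user exists, so response
  // time still differs between the two cases; pair this route with rate
  // limiting or a dummy comparison if account enumeration is in scope.
  const passwordMatches = user ? await bcrypt.compare(password, user.password) : false;
  if (!passwordMatches) {
    return res.status(400).json({ error: 'Invalid credentials' });
  }

  res.status(200).json({
    id: user.id,
    username: user.username,
    email: user.email,
    token: signToken(user.id),
  });
};

/**
 * POST handler: creates a new account and logs it in.
 *
 * Responds 400 on missing, non-string or out-of-range fields, 409 when the
 * email or username is already taken, and 201 with the new user's id,
 * username, email and a token on success.
 *
 * @param {object} req - Express request; reads `username`, `email`, `password` from `req.body`.
 * @param {object} res - Express response.
 * @returns {Promise<*>} Resolves once a response has been sent.
 */
export const register = async (req, res) => {
  const { username, email, password } = req.body || {};

  // Arrays also expose `.length`, so the range checks below are only
  // meaningful once each field is known to be a string.
  if (![username, email, password].every(isNonEmptyString)) {
    return res.status(400).json({ error: 'All fields are required' });
  }

  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

  if (username.length < 3 || username.length > 14) {
    return res.status(400).json({ error: 'Username must be between 3 and 14 characters' });
  }
  if (email.length > 30 || !emailRegex.test(email)) {
    return res.status(400).json({ error: 'Email is not valid' });
  }
  // NOTE(review): `.length` counts UTF-16 units while bcrypt uses at most the
  // first 72 bytes of its input, so a 32-character password made of multi-byte
  // characters can be silently truncated before hashing.
  if (password.length < 6 || password.length > 32) {
    return res.status(400).json({ error: 'Password must be between 6 and 32 characters' });
  }

  // NOTE(review): this lookup and the create below are not atomic; two
  // concurrent requests can both pass it. Presumably the schema has unique
  // constraints on email and username as the real guard; confirm.
  const userExists = await prisma.user.findFirst({
    where: { OR: [{ email }, { username }] },
  });
  if (userExists) {
    return res.status(409).json({ error: 'User already exists' });
  }

  // Only the bcrypt hash (cost factor 10) is stored, never the plaintext.
  const hashedPassword = await bcrypt.hash(password, 10);

  // `type` is fixed server-side, so the client cannot choose its own role.
  const user = await prisma.user.create({
    data: { username, email, password: hashedPassword, type: "candidato" },
  });

  res.status(201).json({
    id: user.id,
    username: user.username,
    email: user.email,
    token: signToken(user.id),
  });
};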