import { NextRequest, NextResponse } from 'next/server'
import { db } from '@/lib/db'
import { requireAuth } from '@/lib/api-auth'
import { hashPassword } from '@/lib/auth'

/**
 * Returns a single customer account by id.
 *
 * The caller must pass `requireAuth` with the SUPERVISOR or MANAGER role;
 * when that helper yields an `error` response it is returned unchanged.
 * The lookup is pinned to `role: 'CUSTOMER'`, so an id that belongs to a
 * non-customer account gets the same 404 as an unknown id.
 *
 * @param request - Incoming request, handed to the auth helper.
 * @param params - Route params promise resolving to `{ id }`.
 * @returns `{ customer }` on success, 404 if no customer matches, 500 on
 *   an unexpected failure.
 */
export async function GET(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    // Role gate runs before the route parameter is read or the DB is touched.
    const auth = await requireAuth(['SUPERVISOR', 'MANAGER'])(request)
    if ('error' in auth) {
      return auth.error
    }

    const customerId = (await params).id

    // Explicit column allow-list: only these fields leave the server, so
    // anything else stored on the user row (e.g. passwordHash) is not returned.
    const record = await db.user.findUnique({
      where: { id: customerId, role: 'CUSTOMER' },
      select: {
        id: true,
        email: true,
        name: true,
        phone: true,
        isActive: true,
        createdAt: true,
        _count: { select: { reviews: true } },
      },
    })

    if (record) {
      return NextResponse.json({ customer: record })
    }

    return NextResponse.json(
      { error: 'Cliente no encontrado' },
      { status: 404 }
    )
  } catch (error) {
    // Details go to the server log only; the client gets a generic message.
    console.error('Error al obtener cliente:', error)
    return NextResponse.json(
      { error: 'Error interno del servidor' },
      { status: 500 }
    )
  }
}

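/**
 * Updates a customer's name, phone, email and/or password.
 *
 * The caller must pass `requireAuth` with the SUPERVISOR or MANAGER role.
 * The JSON body is untrusted: it is parsed defensively and every field is
 * type-checked before use, so a malformed payload yields 400 instead of an
 * unhandled TypeError (500) or a non-string value reaching `hashPassword`.
 *
 * @param request - Incoming request carrying a JSON object body.
 * @param params - Route params promise resolving to `{ id }`.
 * @returns `{ customer }` with the updated public fields; 400 on invalid
 *   input, 404 if no customer matches, 409 if the email is already taken,
 *   500 on an unexpected failure.
 */
export async function PUT(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    const authResult = await requireAuth(['SUPERVISOR', 'MANAGER'])(request)
    if ('error' in authResult) return authResult.error

    const badRequest = (message: string) =>
      NextResponse.json({ error: message }, { status: 400 })

    const { id } = await params

    // Malformed JSON is a client error, not a server fault.
    let body: unknown
    try {
      body = await request.json()
    } catch {
      return badRequest('Cuerpo de la solicitud inválido')
    }
    if (typeof body !== 'object' || body === null || Array.isArray(body)) {
      return badRequest('Cuerpo de la solicitud inválido')
    }
    const { name, phone, email, password } = body as Record<string, unknown>

    // Restricting the lookup to role CUSTOMER keeps this route from being
    // used to edit staff accounts.
    const customer = await db.user.findUnique({
      where: { id, role: 'CUSTOMER' },
    })

    if (!customer) {
      return NextResponse.json(
        { error: 'Cliente no encontrado' },
        { status: 404 }
      )
    }

    const updateData: { name?: string; phone?: string | null; email?: string; passwordHash?: string } = {}

    if (name !== undefined) {
      if (typeof name !== 'string') return badRequest('Nombre inválido')
      updateData.name = name.trim()
    }

    if (phone !== undefined) {
      // null (or an empty string) clears the phone number.
      if (phone !== null && typeof phone !== 'string') {
        return badRequest('Teléfono inválido')
      }
      updateData.phone = typeof phone === 'string' ? phone.trim() || null : null
    }

    if (email !== undefined) {
      if (typeof email !== 'string') return badRequest('Email inválido')
      const trimmedEmail = email.toLowerCase().trim()
      if (trimmedEmail.length === 0) return badRequest('Email inválido')
      // Check email uniqueness if changing
      // NOTE(review): this is check-then-write; two concurrent requests can
      // both pass it. If the email column has a unique constraint the loser
      // surfaces as a 500 from the catch below — confirm and map to 409.
      if (trimmedEmail !== customer.email) {
        const existing = await db.user.findUnique({ where: { email: trimmedEmail } })
        if (existing) {
          return NextResponse.json(
            { error: 'Ya existe una cuenta con este email' },
            { status: 409 }
          )
        }
      }
      updateData.email = trimmedEmail
    }

    // Falsy values (absent, null, '') mean "leave the password unchanged".
    if (password) {
      // An array or object also has `.length`; require a real string so
      // nothing else can reach the hashing helper.
      if (typeof password !== 'string') return badRequest('Contraseña inválida')
      // NOTE(review): a 6-character minimum is weak for a staff-initiated
      // reset; kept as-is so existing clients keep working. This path also
      // changes another user's credentials without an audit record or
      // session invalidation visible here — confirm that is handled elsewhere.
      if (password.length < 6) {
        return NextResponse.json(
          { error: 'La contraseña debe tener al menos 6 caracteres' },
          { status: 400 }
        )
      }
      updateData.passwordHash = await hashPassword(password)
    }

    // The select list keeps passwordHash out of the response.
    const updated = await db.user.update({
      where: { id },
      data: updateData,
      select: {
        id: true,
        email: true,
        name: true,
        phone: true,
        isActive: true,
        createdAt: true,
      },
    })

    return NextResponse.json({ customer: updated })
  } catch (error) {
    // Details go to the server log only; the client gets a generic message.
    console.error('Error al actualizar cliente:', error)
    return NextResponse.json(
      { error: 'Error interno del servidor' },
      { status: 500 }
    )
  }
}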

/**
 * Flips a customer's `isActive` flag; no row is removed.
 *
 * The caller must pass `requireAuth` with the ADMIN or MANAGER role.
 * An active customer is deactivated and an inactive one is reactivated,
 * so repeating the same request alternates the state.
 *
 * NOTE(review): the role list here (ADMIN, MANAGER) differs from the
 * SUPERVISOR/MANAGER list used by GET and PUT in this file — confirm that
 * is intentional.
 *
 * @param request - Incoming request, handed to the auth helper.
 * @param params - Route params promise resolving to `{ id }`.
 * @returns `{ customer, message }` on success, 404 if no customer matches,
 *   500 on an unexpected failure.
 */
export async function DELETE(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    const auth = await requireAuth(['ADMIN', 'MANAGER'])(request)
    if ('error' in auth) {
      return auth.error
    }

    const customerId = (await params).id

    // Only accounts with role CUSTOMER can be toggled through this route.
    const current = await db.user.findUnique({
      where: { id: customerId, role: 'CUSTOMER' },
    })

    if (!current) {
      return NextResponse.json(
        { error: 'Cliente no encontrado' },
        { status: 404 }
      )
    }

    // Toggle isActive: deactivate if active, reactivate if inactive.
    // NOTE(review): the new value is computed from a prior read, so two
    // overlapping requests can leave the account in its original state.
    const nextActive = !current.isActive
    const toggled = await db.user.update({
      where: { id: customerId },
      data: { isActive: nextActive },
      select: {
        id: true,
        email: true,
        name: true,
        isActive: true,
      },
    })

    const message = toggled.isActive
      ? 'Cliente reactivado'
      : 'Cliente desactivado'

    return NextResponse.json({ customer: toggled, message })
  } catch (error) {
    // Details go to the server log only; the client gets a generic message.
    console.error('Error al actualizar estado del cliente:', error)
    return NextResponse.json(
      { error: 'Error interno del servidor' },
      { status: 500 }
    )
  }
}
