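import express from 'express';
import { verifyAdminPassword, getAllPasswords, addPassword, deletePassword } from '../database.js';
import { generateAdminToken } from '../utils/jwt.js';
import { requireAdminAuth } from '../middleware/auth.js';
import { loginLimiter } from '../middleware/rateLimit.js';

const router = express.Router();

/** Upper bound on the length of an access-password label. */
const MAX_NAME_LENGTH = 50;
/** Lower bound on the length of a new access password. */
const MIN_PASSWORD_LENGTH = 4;

/**
 * True when `value` is a string with at least one character.
 *
 * Request bodies are attacker-controlled JSON, so each field is checked for
 * its type before `.length` is read or a database helper is called: a number
 * would throw on `.length` (a 500 instead of a 400), and an array or object
 * with a `length` property would slip past the length checks entirely.
 *
 * @param {unknown} value
 * @returns {boolean}
 */
function isNonEmptyString(value) {
  return typeof value === 'string' && value.length > 0;
}

/**
 * Admin login.
 * POST /api/admin/login
 * Body: { username: string, password: string }
 *
 * Guarded by `loginLimiter` to slow down online password guessing. The same
 * generic 401 message is returned whether the username or the password is
 * wrong, so the response does not reveal which usernames exist.
 */
router.post('/login', loginLimiter, (req, res) => {
  // `?? {}` keeps a body-less request at a 400 instead of a destructuring TypeError.
  const { username, password } = req.body ?? {};
  if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
    return res.status(400).json({ error: '请提供用户名和密码' });
  }
  // NOTE(review): verifyAdminPassword is consumed synchronously here. If it
  // ever returns a Promise, that Promise is always truthy and every login
  // would succeed — confirm the helper in database.js is synchronous.
  const isValid = verifyAdminPassword(username, password);
  if (!isValid) {
    return res.status(401).json({ error: '用户名或密码错误' });
  }
  const token = generateAdminToken(username);
  return res.json({ success: true, token, message: '登录成功' });
});

/**
 * List every access password.
 * GET /api/admin/passwords
 * Requires admin authentication (`requireAdminAuth`).
 */
router.get('/passwords', requireAdminAuth, (req, res) => {
  // NOTE(review): whatever getAllPasswords() returns is sent verbatim. If the
  // database layer stores access passwords in plaintext, this endpoint hands
  // them to any authenticated admin — confirm that is the intended design.
  const passwords = getAllPasswords();
  res.json({ success: true, passwords });
});

/**
 * Create a new access password.
 * POST /api/admin/passwords
 * Body: { name: string, password: string }
 * Requires admin authentication (`requireAdminAuth`).
 *
 * Responds 400 when a field is missing or of the wrong type, when the label
 * is longer than MAX_NAME_LENGTH, when the password is shorter than
 * MIN_PASSWORD_LENGTH, or when the database layer reports a failure.
 */
router.post('/passwords', requireAdminAuth, (req, res) => {
  const { name, password } = req.body ?? {};
  // isNonEmptyString already enforces the former `name.length < 1` check.
  if (!isNonEmptyString(name) || !isNonEmptyString(password)) {
    return res.status(400).json({ error: '请提供密码名称和密码' });
  }
  if (name.length > MAX_NAME_LENGTH) {
    return res.status(400).json({ error: '密码名称长度应在 1-50 个字符之间' });
  }
  if (password.length < MIN_PASSWORD_LENGTH) {
    return res.status(400).json({ error: '密码长度至少 4 个字符' });
  }
  const result = addPassword(name, password);
  if (!result.success) {
    return res.status(400).json({ error: result.error });
  }
  return res.json({ success: true, id: result.id, message: '密码添加成功' });
});

/**
 * Delete an access password by id.
 * DELETE /api/admin/passwords/:id
 * Requires admin authentication (`requireAdminAuth`).
 *
 * Responds 400 for a non-numeric id and 404 when no row was deleted.
 */
router.delete('/passwords/:id', requireAdminAuth, (req, res) => {
  // Require an all-digit id: parseInt alone accepts "12abc" as 12 and would
  // silently delete a record the caller never named.
  const rawId = req.params.id;
  const id = /^\d+$/.test(rawId) ? Number.parseInt(rawId, 10) : Number.NaN;
  if (Number.isNaN(id)) {
    return res.status(400).json({ error: '无效的密码 ID' });
  }
  const deleted = deletePassword(id);
  if (!deleted) {
    return res.status(404).json({ error: '密码不存在' });
  }
  return res.json({ success: true, message: '密码删除成功' });
});

/**
 * Check that the caller's admin token is valid.
 * GET /api/admin/verify-token
 *
 * `requireAdminAuth` rejects the request before this handler runs if the
 * token is missing or invalid, so reaching here means the token is good;
 * the handler only echoes the username the middleware placed on `req.admin`.
 */
router.get('/verify-token', requireAdminAuth, (req, res) => {
  res.json({ valid: true, admin: { username: req.admin.username } });
});

export default router;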