'use server';

import { z } from 'zod';
import db from '@/lib/db';
import { revalidatePath } from 'next/cache';
import { auth } from '@/auth';

const formSchema = z.object({
  name: z.string().min(1, 'Name is required'),
  email: z.string().email('Invalid email address'),
  password: z.string().optional(),
});

type UserFormValues = z.infer<typeof formSchema>;

type User = {
    id: string;
    name: string | null;
    email: string;
    password?: string | null;
};

export async function getUserByEmail(email: string): Promise<User | null> {
    try {
        const stmt = db.prepare('SELECT id, name, email, password FROM users WHERE email = ?');
        const user = stmt.get(email) as User | undefined;
        return user || null;
    } catch (error) {
        console.error('Failed to get user by email:', error);
        throw new Error('Database error while fetching user.');
    }
}


/**
 * Gets the currently logged-in user from the session.
 */
export async function getUser(): Promise<{ id: string; name: string; email: string } | null> {
  const session = await auth();
  if (!session?.user?.id || !session.user.email || !session.user.name) {
    return null;
  }
  return {
    id: session.user.id,
    email: session.user.email,
    name: session.user.name,
  };
}

/**
 * Updates a user's profile information in the database.
 */
export async function updateUser(data: UserFormValues): Promise<{ success: boolean; message: string }> {
  const session = await auth();
  if (!session?.user?.id) {
    return { success: false, message: 'Not authenticated.' };
  }
  
  const validation = formSchema.safeParse(data);
  if (!validation.success) {
    return { success: false, message: 'Invalid data provided.' };
  }

  const { name, email, password } = validation.data;

  try {
    const userId = session.user.id;

    // Check if the new email is already taken by another user
    const checkEmailStmt = db.prepare('SELECT id FROM users WHERE email = ? AND id != ?');
    const existingUser = checkEmailStmt.get(email, userId);

    if (existingUser) {
      return { success: false, message: 'This email is already taken.' };
    }

    if (password) {
      // If a new password is provided, update it along with name and email
      const stmt = db.prepare('UPDATE users SET name = ?, email = ?, password = ? WHERE id = ?');
      // In a real app, hash the password! For this example, we store it as plain text.
      stmt.run(name, email, password, userId);
    } else {
      // If no new password, only update name and email
      const stmt = db.prepare('UPDATE users SET name = ?, email = ? WHERE id = ?');
      stmt.run(name, email, userId);
    }

    revalidatePath('/admin/settings/user');
    return { success: true, message: 'Profile updated successfully!' };
  } catch (error) {
    console.error('Failed to update user:', error);
    return { success: false, message: 'An unexpected error occurred.' };
  }
}