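import { verifyToken, readUsers, writeUsers, verifyPassword, hashPassword, migrateUserRoles } from '../utils/auth.js'

/**
 * Profile update handler for the authenticated user.
 *
 * Reads the `auth_token` cookie, resolves the user via `decoded.id`, then
 * updates name, email and phone and, when requested, the password.
 *
 * Request body fields: `name`, `email` (both required), `phone` (optional),
 * `currentPassword` and `newPassword` (both needed for a password change).
 *
 * Errors raised via createError:
 *   400 - malformed body, missing name/email, invalid phone, incomplete
 *         password-change request, or new password shorter than 6 characters
 *   401 - missing/invalid token, or wrong current password
 *   404 - token refers to a user that no longer exists
 *   409 - email already used by another user
 *
 * On success, returns `{ success, message, user }` where `user` carries only
 * id, email, name, phone, roles and role (no password hash).
 */
export default defineEventHandler(async (event) => {
  try {
    const token = getCookie(event, 'auth_token')
    if (!token) {
      throw createError({ statusCode: 401, message: 'Nicht authentifiziert.' })
    }

    const decoded = verifyToken(token)
    if (!decoded) {
      throw createError({ statusCode: 401, message: 'Ungültiges Token.' })
    }

    // The body is attacker-controlled JSON: it may be absent, a primitive, or
    // carry objects/arrays where strings are expected. Reject such shapes with
    // a 400 instead of failing on destructuring or persisting them.
    const body = await readBody(event)
    if (body === null || typeof body !== 'object') {
      throw createError({ statusCode: 400, message: 'Name und E-Mail sind erforderlich.' })
    }

    const { name, email, phone, currentPassword, newPassword } = body

    if (!name || !email || typeof name !== 'string' || typeof email !== 'string') {
      throw createError({ statusCode: 400, message: 'Name und E-Mail sind erforderlich.' })
    }

    // Falsy phone values still collapse to '' below; only truthy non-strings are rejected.
    if (phone && typeof phone !== 'string') {
      throw createError({ statusCode: 400, message: 'Ungültige Telefonnummer.' })
    }

    // A new password without the current one used to be ignored silently while
    // the response still reported success. Fail explicitly so the caller knows
    // the password was NOT changed.
    const wantsPasswordChange = Boolean(newPassword)
    if (
      wantsPasswordChange &&
      (typeof newPassword !== 'string' || typeof currentPassword !== 'string' || !currentPassword)
    ) {
      throw createError({
        statusCode: 400,
        message: 'Zum Ändern des Passworts sind das aktuelle und das neue Passwort erforderlich.'
      })
    }

    const users = await readUsers()
    const userIndex = users.findIndex(u => u.id === decoded.id)
    if (userIndex === -1) {
      throw createError({ statusCode: 404, message: 'Benutzer nicht gefunden.' })
    }

    const user = users[userIndex]

    // Check if email is already taken by another user.
    // NOTE(review): the comparison is case-sensitive; confirm how emails are
    // normalised at registration/login.
    // NOTE(review): the email is changed without re-authentication; if it is
    // used for login or account recovery, consider requiring currentPassword
    // for email changes as well.
    if (email !== user.email) {
      const emailExists = users.some(u => u.email === email && u.id !== user.id)
      if (emailExists) {
        throw createError({ statusCode: 409, message: 'Diese E-Mail-Adresse wird bereits verwendet.' })
      }
    }

    // Finish every check before touching the user record, so a rejected
    // password change cannot leave a half-updated object behind in `users`.
    let newPasswordHash = null
    if (wantsPasswordChange) {
      const isValid = await verifyPassword(currentPassword, user.password)
      if (!isValid) {
        throw createError({ statusCode: 401, message: 'Aktuelles Passwort ist falsch.' })
      }

      // NOTE(review): a 6-character minimum is weak by current guidance;
      // raising it also requires updating the user-facing message.
      if (newPassword.length < 6) {
        throw createError({ statusCode: 400, message: 'Das neue Passwort muss mindestens 6 Zeichen lang sein.' })
      }

      newPasswordHash = await hashPassword(newPassword)
    }

    // Apply all changes at once.
    user.name = name
    user.email = email
    user.phone = phone || ''
    if (wantsPasswordChange) {
      // NOTE(review): the auth_token cookie is left untouched here; whether
      // existing sessions survive a password change depends on verifyToken.
      user.password = newPasswordHash
    }

    await writeUsers(users)

    // Run the role migration on a copy so the stored record is not modified after the write.
    const migratedUser = migrateUserRoles({ ...user })
    const roles = Array.isArray(migratedUser.roles)
      ? migratedUser.roles
      : (migratedUser.role ? [migratedUser.role] : ['mitglied'])

    return {
      success: true,
      message: 'Profil erfolgreich aktualisiert.',
      user: {
        id: user.id,
        email: user.email,
        name: user.name,
        phone: user.phone,
        roles: roles,
        role: roles[0] || 'mitglied' // backward compatibility
      }
    }
  } catch (error) {
    console.error('Profil-Update-Fehler:', error)
    throw error
  }
})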