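const { User } = require('../models');

// NOTE(review): none of these handlers performs an authentication or
// authorization check itself. Presumably that is enforced by middleware on
// the router that mounts them; confirm, since update and delete act on any
// id taken from the URL.

// Columns that may be returned to API clients. The password column is
// deliberately excluded.
const PUBLIC_USER_ATTRIBUTES = ['id', 'name', 'email', 'active', 'created_at'];

// Fields a client must never be able to set when creating a user.
const CREATE_BLOCKED_FIELDS = ['id', 'created_at'];

// Fields that must never be changed through the update route.
const UPDATE_BLOCKED_FIELDS = ['password', 'id', 'created_at'];

/**
 * Returns a shallow copy of `source` without the listed keys.
 *
 * @param {object|null|undefined} source - Untrusted request body.
 * @param {string[]} blocked - Keys to drop from the copy.
 * @returns {object} New object; `source` is not mutated.
 */
function omitFields(source, blocked) {
  return Object.fromEntries(
    Object.entries(source ?? {}).filter(([key]) => !blocked.includes(key)),
  );
}

/**
 * Projects a user record onto the client-safe fields (no password).
 *
 * @param {object} user - User record as returned by the model.
 * @returns {object} Object holding only the PUBLIC_USER_ATTRIBUTES fields.
 */
function toPublicUser(user) {
  return Object.fromEntries(
    PUBLIC_USER_ATTRIBUTES.map((field) => [field, user[field]]),
  );
}

/**
 * Responds with all users ordered by name, limited to the public attributes.
 * Sends 200 with the list, or 500 if the lookup throws.
 */
exports.getAllUsers = async (req, res) => {
  try {
    const users = await User.findAll({
      order: [['name', 'ASC']],
      // Copy so the shared constant cannot be mutated; excludes the password.
      attributes: [...PUBLIC_USER_ATTRIBUTES],
    });
    res.status(200).json(users);
  } catch (error) {
    console.error('Error fetching users:', error);
    res.status(500).json({ message: 'Error fetching users' });
  }
};

/**
 * Responds with the user whose primary key is `req.params.id`.
 * Sends 200 with the public attributes, 404 if no such user exists,
 * or 500 if the lookup throws.
 */
exports.getUserById = async (req, res) => {
  try {
    const user = await User.findByPk(req.params.id, {
      // Excludes the password.
      attributes: [...PUBLIC_USER_ATTRIBUTES],
    });
    if (!user) {
      res.status(404).json({ message: 'User not found' });
      return;
    }
    res.status(200).json(user);
  } catch (error) {
    console.error('Error fetching user:', error);
    res.status(500).json({ message: 'Error fetching user' });
  }
};

/**
 * Creates a user from the request body.
 * Sends 201 with the public fields of the new user, or 500 on any error.
 */
exports.createUser = async (req, res) => {
  try {
    // The body is untrusted: drop the fields the update route also treats as
    // immutable so a client cannot choose its own id or creation timestamp.
    // NOTE(review): every other body field still reaches User.create(). If the
    // model has privileged columns (none are visible in this file), replace
    // this denylist with an explicit allowlist.
    // NOTE(review): password hashing is not visible here; confirm the model
    // hashes the password before it is stored.
    const createData = omitFields(req.body, CREATE_BLOCKED_FIELDS);
    const user = await User.create(createData);

    // Return only the safe user data (no password).
    res.status(201).json(toPublicUser(user));
  } catch (error) {
    console.error('Error creating user:', error);
    res.status(500).json({ message: 'Error creating user' });
  }
};

/**
 * Updates the user whose primary key is `req.params.id` with the request body.
 * Sends 200 with the public fields, 404 if no such user exists, or 500 on
 * any error.
 */
exports.updateUser = async (req, res) => {
  try {
    const user = await User.findByPk(req.params.id);
    if (!user) {
      res.status(404).json({ message: 'User not found' });
      return;
    }

    // Copy the request data without the fields that must never be changed
    // through this route.
    // NOTE(review): this is a denylist, so any other model column can still
    // be written by the client; prefer an allowlist once the set of
    // client-writable columns is confirmed.
    const updateData = omitFields(req.body, UPDATE_BLOCKED_FIELDS);

    // Stamp the modification time on the server side.
    updateData.updated_at = new Date();

    // Debug logging: record only which fields change, not their values, so
    // client-supplied data does not end up in the logs.
    console.log('Updating user:', req.params.id, 'with fields:', Object.keys(updateData));

    await user.update(updateData);

    // Return only the safe user data (no password).
    res.status(200).json(toPublicUser(user));
  } catch (error) {
    console.error('Error updating user:', error);
    res.status(500).json({ message: 'Error updating user' });
  }
};

/**
 * Deletes the user whose primary key is `req.params.id`.
 * Sends 200 on success, 404 if no such user exists, or 500 on any error.
 */
exports.deleteUser = async (req, res) => {
  try {
    const user = await User.findByPk(req.params.id);
    if (!user) {
      res.status(404).json({ message: 'User not found' });
      return;
    }
    await user.destroy();
    res.status(200).json({ message: 'User deleted successfully' });
  } catch (error) {
    console.error('Error deleting user:', error);
    res.status(500).json({ message: 'Error deleting user' });
  }
};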