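const express = require('express');
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
const {getDB} = require('../database');

const router = express.Router();

// The signing secret must come from the environment. There is deliberately no
// hard-coded fallback: a default value that ships in the source tree is known
// to anyone who can read the code, and tokens signed with it would verify here.
// NOTE(review): the code that signs tokens is not visible in this file; it has
// to read the same JWT_SECRET variable, without a fallback, for tokens to verify.
const JWT_SECRET = process.env.JWT_SECRET;
if (!JWT_SECRET) {
  console.error('JWT_SECRET 未配置,所有需要认证的请求将被拒绝');
}

// HMAC algorithms accepted for verification. Listing them explicitly keeps the
// accepted set visible in this file instead of relying on the library default
// for string secrets.
// NOTE(review): narrow this to the single algorithm the token issuer uses once
// that is confirmed.
const JWT_ALGORITHMS = ['HS256', 'HS384', 'HS512'];

/**
 * Express middleware that authenticates a request from its Authorization header.
 *
 * Takes the second space-separated field of the header as the token, verifies
 * it against JWT_SECRET, and stores the decoded payload on `req.user` before
 * calling `next()`.
 *
 * Responses sent instead of calling `next()`:
 *  - 500 when JWT_SECRET is not configured (fail closed),
 *  - 401 when no token is present,
 *  - 403 when verification fails.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 * @param {Function} next - Next middleware in the chain.
 */
const authenticateToken = (req, res, next) => {
  if (!JWT_SECRET) {
    // Without a configured secret no token can be trusted, so reject everything.
    return res.status(500).json({success: false, message: '服务器认证配置错误'});
  }

  const authHeader = req.headers['authorization'];
  const token = authHeader && authHeader.split(' ')[1];

  if (!token) {
    return res.status(401).json({success: false, message: '访问令牌缺失'});
  }

  jwt.verify(token, JWT_SECRET, {algorithms: JWT_ALGORITHMS}, (err, user) => {
    if (err) {
      return res.status(403).json({success: false, message: '访问令牌无效'});
    }
    req.user = user;
    next();
  });
};

/**
 * GET /me - returns the profile row of the authenticated user.
 *
 * Responds 403 when the verified token carries no `userId` claim, 404 when no
 * row matches that id, and 500 when the lookup throws.
 */
router.get('/me', authenticateToken, async (req, res) => {
  try {
    // A token that verifies but lacks the expected claim must not reach the
    // query as an undefined bind parameter; treat it as an invalid token.
    const userId = req.user && req.user.userId;
    if (userId === undefined || userId === null) {
      return res.status(403).json({success: false, message: '访问令牌无效'});
    }

    const db = getDB();
    // Parameterized query; the explicit column list keeps any other columns of
    // the users table out of the response.
    const [users] = await db.execute(
      'SELECT id, username, role, avatar, points, created_at FROM users WHERE id = ?',
      [userId]
    );

    if (users.length === 0) {
      return res.status(404).json({success: false, message: '用户不存在'});
    }

    res.json({success: true, user: users[0]});
  } catch (error) {
    // Details are logged server-side only; the client gets a generic message.
    console.error('获取用户信息错误:', error);
    res.status(500).json({success: false, message: '获取用户信息失败'});
  }
});

module.exports = router;
module.exports.authenticateToken = authenticateToken;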