const path = require('path');
const fs = require('fs');
const express = require('express');
const { requireAdmin } = require('../middleware/auth');
const users = require('../services/users');

const mediaDir = process.env.MEDIA_DIR || path.join(__dirname, '..', '..', 'media');

function unlinkQuiet(absPath) {
  fs.unlink(absPath, () => {});
}

module.exports = function usersAdminRoutes(csrfProtection) {
  const router = express.Router();
  router.use(requireAdmin);

  router.get('/', (req, res) => {
    res.render('mymusic/users', { title: 'Users', userList: users.listAllUsers() });
  });

  router.post('/:id/disable', csrfProtection, (req, res, next) => {
    try {
      const id = Number(req.params.id);
      if (id === req.session.user.id) {
        req.flash('error', 'You cannot disable your own account.');
        return res.redirect('/mymusic/users');
      }
      users.setDisabled(id, true);
      req.flash('success', 'Account disabled.');
      res.redirect('/mymusic/users');
    } catch (err) { next(err); }
  });

  router.post('/:id/enable', csrfProtection, (req, res, next) => {
    try {
      users.setDisabled(Number(req.params.id), false);
      req.flash('success', 'Account enabled.');
      res.redirect('/mymusic/users');
    } catch (err) { next(err); }
  });

  router.post('/:id/verify', csrfProtection, (req, res, next) => {
    try {
      users.markVerifiedAdmin(Number(req.params.id));
      req.flash('success', 'Email marked as verified.');
      res.redirect('/mymusic/users');
    } catch (err) { next(err); }
  });

  router.post('/:id/delete', csrfProtection, (req, res, next) => {
    try {
      const id = Number(req.params.id);
      if (id === req.session.user.id) {
        req.flash('error', 'You cannot delete your own account.');
        return res.redirect('/mymusic/users');
      }
      const { songs, playlists } = users.deleteUserWithContent(id);
      for (const s of songs) {
        if (s.audio_path) unlinkQuiet(path.join(mediaDir, s.audio_path));
        if (s.cover_path) unlinkQuiet(path.join(mediaDir, s.cover_path));
      }
      for (const p of playlists) {
        if (p.cover_path) unlinkQuiet(path.join(mediaDir, p.cover_path));
      }
      req.flash('success', 'User and all their content deleted.');
      res.redirect('/mymusic/users');
    } catch (err) { next(err); }
  });

  return router;
};