<?php
/**
 * 用户管理API
 */

// 设置错误报告
error_reporting(E_ALL);
ini_set('display_errors', 0);

// 设置JSON响应头
header('Content-Type: application/json; charset=utf-8');

// 包含必要的类
require_once '../../utils/Config.php';
require_once '../../utils/Logger.php';
require_once '../../utils/Helper.php';
require_once '../../utils/Database.php';

// 处理请求
try {
    // 获取请求方法
    $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
    
    // 连接数据库
    $db = Database::getInstance();
    
    // 根据请求方法处理
    switch ($method) {
        case 'GET':
            // 获取用户列表
            getUsers($db);
            break;
        case 'POST':
            // 检查是否是登录请求
            $data = json_decode(file_get_contents('php://input'), true);
            if (isset($data['login']) && $data['login'] === true) {
                // 登录请求
                loginUser($db, $data);
            } else {
                // 添加或编辑用户
                saveUser($db);
            }
            break;
        case 'DELETE':
            // 删除用户
            deleteUser($db);
            break;
        default:
            echo json_encode([
                'success' => false,
                'message' => '不支持的请求方法'
            ]);
            break;
    }
} catch (Exception $e) {
    echo json_encode([
        'success' => false,
        'message' => '服务器内部错误: ' . $e->getMessage()
    ]);
}

/**
 * 获取用户列表
 * @param Database $db 数据库实例
 */
function getUsers($db) {
    // 获取请求参数
    $page = isset($_GET['page']) ? (int)$_GET['page'] : 1;
    $search = isset($_GET['search']) ? $_GET['search'] : '';
    $perPage = 10;
    $offset = ($page - 1) * $perPage;
    
    // 构建查询条件
    $where = '';
    $params = [];
    
    if (!empty($search)) {
        $where = "WHERE (username LIKE ? OR email LIKE ?) AND is_deleted = 0";
        $searchParam = "%$search%";
        $params = [$searchParam, $searchParam];
    } else {
        $where = "WHERE is_deleted = 0";
    }
    
    // 查询用户总数
    $totalSql = "SELECT COUNT(*) as total FROM user $where";
    $totalResult = $db->fetchOne($totalSql, $params);
    $total = $totalResult['total'];
    
    // 查询用户列表
    $usersSql = "SELECT * FROM user $where ORDER BY create_time DESC LIMIT ? OFFSET ?";
    $usersParams = array_merge($params, [$perPage, $offset]);
    $users = $db->fetchAll($usersSql, $usersParams);
    
    // 格式化用户数据
    $formattedUsers = [];
    foreach ($users as $user) {
        $formattedUsers[] = [
            'username' => $user['username'],
            'email' => $user['email'],
            'is_admin' => (bool)$user['is_admin'],
            'is_enabled' => (bool)$user['is_enabled'],
            'created_at' => $user['create_time'],
            'updated_at' => $user['updated_at']
        ];
    }
    
    // 返回响应
    echo json_encode([
        'success' => true,
        'data' => [
            'users' => $formattedUsers,
            'total' => $total,
            'page' => $page,
            'perPage' => $perPage,
            'totalPages' => ceil($total / $perPage)
        ]
    ]);
}

/**
 * 保存用户信息（添加或编辑）
 * @param Database $db 数据库实例
 */
function saveUser($db) {
    // 获取请求数据
    $data = json_decode(file_get_contents('php://input'), true);
    
    if (!$data) {
        echo json_encode([
            'success' => false,
            'message' => '无效的请求数据'
        ]);
        return;
    }
    
    // 验证必填字段
    if (empty($data['username']) || empty($data['email'])) {
        echo json_encode([
            'success' => false,
            'message' => '用户名和邮箱不能为空'
        ]);
        return;
    }
    
    // 检查邮箱格式
    if (!filter_var($data['email'], FILTER_VALIDATE_EMAIL)) {
        echo json_encode([
            'success' => false,
            'message' => '无效的邮箱格式'
        ]);
        return;
    }
    
    // 检查用户名是否已存在
    $existingUser = $db->fetchOne("SELECT username FROM user WHERE username = ? OR email = ?", [
        $data['username'],
        $data['email']
    ]);
    
    if ($existingUser) {
        echo json_encode([
            'success' => false,
            'message' => '用户名或邮箱已存在'
        ]);
        return;
    }
    
    // 验证密码
    if (empty($data['password'])) {
        echo json_encode([
            'success' => false,
            'message' => '密码不能为空'
        ]);
        return;
    }
    
    // 添加用户
    $db->insert(
        "INSERT INTO user (username, password, email, is_admin, is_enabled, create_time, updated_at, is_deleted) VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
        [
            $data['username'],
            Helper::encryptPassword($data['password']),
            $data['email'],
            (bool)$data['is_admin'],
            (bool)$data['is_enabled'],
            date('Y-m-d H:i:s'),
            date('Y-m-d H:i:s'),
            0
        ]
    );
    
    echo json_encode([
        'success' => true,
        'message' => '用户添加成功'
    ]);
}

/**
 * 删除用户
 * @param Database $db 数据库实例
 */
function deleteUser($db) {
    // 获取请求参数
    $username = isset($_GET['username']) ? $_GET['username'] : '';
    
    if (empty($username)) {
        echo json_encode([
            'success' => false,
            'message' => '无效的用户名'
        ]);
        return;
    }
    
    // 检查用户是否存在
    $user = $db->fetchOne("SELECT username FROM user WHERE username = ?", [$username]);
    if (!$user) {
        echo json_encode([
            'success' => false,
            'message' => '用户不存在'
        ]);
        return;
    }
    
    // 删除用户（软删除）
    $db->update(
        "UPDATE user SET is_deleted = 1, updated_at = ? WHERE username = ?",
        [date('Y-m-d H:i:s'), $username]
    );
    
    echo json_encode([
        'success' => true,
        'message' => '用户删除成功'
    ]);
}

/**
 * 用户登录
 * @param Database $db 数据库实例
 * @param array $data 登录数据
 */
function loginUser($db, $data) {
    // 验证必填字段
    if (empty($data['username']) || empty($data['password'])) {
        echo json_encode([
            'success' => false,
            'message' => '用户名和密码不能为空'
        ]);
        return;
    }
    
    // 查询用户
    $sql = "SELECT * FROM user WHERE username = ? AND is_deleted = 0 AND is_enabled = 1";
    $user = $db->fetchOne($sql, [$data['username']]);
    
    if ($user && password_verify($data['password'], $user['password'])) {
        // 登录成功
        // 构建用户信息
        $userInfo = [
            'username' => $user['username'],
            'email' => $user['email'],
            'is_admin' => (bool)$user['is_admin'],
            'is_enabled' => (bool)$user['is_enabled'],
            'created_at' => $user['create_time'],
            'updated_at' => $user['updated_at']
        ];
        
        echo json_encode([
            'success' => true,
            'message' => '登录成功',
            'data' => [
                'user' => $userInfo
            ]
        ]);
    } else {
        // 登录失败
        echo json_encode([
            'success' => false,
            'message' => '用户名或密码错误'
        ]);
    }
}