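import { NextResponse } from 'next/server';
import { auth } from '@/lib/auth/config';
import { prisma } from '@/lib/db/prisma';

// Upper bound applied to `district` in PATCH.
// NOTE(review): chosen to mirror the existing 100-character cap on `name`;
// confirm against the database schema or the list of valid districts.
const MAX_DISTRICT_LENGTH = 100;

/**
 * Returns the profile of the currently authenticated user.
 *
 * The record is looked up by the id held in the session, not by any value
 * supplied in the request, so a caller can only read their own profile.
 *
 * @returns 401 when there is no session user id, 404 when no matching row
 *          exists, otherwise the selected profile fields as JSON.
 */
export async function GET() {
  const session = await auth();
  if (!session?.user?.id) {
    return NextResponse.json({ error: 'Autenticação necessária.' }, { status: 401 });
  }

  const user = await prisma.user.findUnique({
    where: { id: session.user.id },
    // Explicit allow-list: columns not named here are not returned to the client.
    select: {
      id: true,
      name: true,
      email: true,
      district: true,
      role: true,
      emailVerified: true,
      createdAt: true,
      _count: {
        select: {
          reservations: true,
          donations: true,
        },
      },
    },
  });

  if (!user) {
    return NextResponse.json({ error: 'Utilizador não encontrado.' }, { status: 404 });
  }

  return NextResponse.json(user);
}

/**
 * Updates the authenticated user's own `name` and/or `district`.
 *
 * Only these two fields are ever copied from the request body into the update;
 * `role`, `email` and every other column cannot be changed through this route.
 * Both values must be strings before they reach Prisma, which rejects
 * non-string JSON values (objects, numbers) with a 400 rather than passing
 * them into the query.
 *
 * @param request - Incoming request whose body is expected to be a JSON object.
 * @returns 401 without a session user id, 400 for a malformed body or an
 *          invalid field, otherwise the updated profile fields as JSON.
 */
export async function PATCH(request: Request) {
  const session = await auth();
  if (!session?.user?.id) {
    return NextResponse.json({ error: 'Autenticação necessária.' }, { status: 401 });
  }

  // A body that is not valid JSON makes request.json() reject; answer 400
  // instead of letting the rejection surface as an unhandled 500.
  let body: unknown;
  try {
    body = await request.json();
  } catch {
    return NextResponse.json({ error: 'Pedido inválido.' }, { status: 400 });
  }

  // Destructuring `null` throws, and arrays/primitives are never a valid patch.
  if (typeof body !== 'object' || body === null || Array.isArray(body)) {
    return NextResponse.json({ error: 'Pedido inválido.' }, { status: 400 });
  }

  // Only allow safe fields to be updated. The values are typed `unknown`
  // because the body is untrusted; they are narrowed by the checks below.
  const { name, district } = body as { name?: unknown; district?: unknown };

  if (name && (typeof name !== 'string' || name.length < 2 || name.length > 100)) {
    return NextResponse.json({ error: 'Nome inválido.' }, { status: 400 });
  }

  if (district && (typeof district !== 'string' || district.length > MAX_DISTRICT_LENGTH)) {
    return NextResponse.json({ error: 'Distrito inválido.' }, { status: 400 });
  }

  // Falsy values (missing, empty string, null) leave the stored field unchanged.
  const data: { name?: string; district?: string } = {};
  if (typeof name === 'string' && name) {
    data.name = name;
  }
  if (typeof district === 'string' && district) {
    data.district = district;
  }

  const user = await prisma.user.update({
    where: { id: session.user.id },
    data,
    select: { id: true, name: true, email: true, district: true, role: true },
  });

  return NextResponse.json(user);
}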