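const express = require('express');
const router = express.Router();
const db = require('../db');

/**
 * POST /create: store a new invite.
 *
 * Body fields: code, encryptedPayload, createdBy, keyVersion (required);
 * maxUses, expiresAt (optional). The payload is stored exactly as received;
 * nothing in this file decrypts or inspects it.
 *
 * Responds 400 when a required field is missing, 500 on a database error.
 *
 * NOTE(review): `createdBy` and `code` are taken from the request body as-is.
 * No authentication or ownership check is visible in this file, so confirm
 * that middleware mounted upstream binds `createdBy` to the authenticated
 * caller and that invite codes are generated with enough entropy to be
 * unguessable.
 */
router.post('/create', async (req, res) => {
  const { code, encryptedPayload, createdBy, maxUses, expiresAt, keyVersion } = req.body;

  if (!code || !encryptedPayload || !createdBy || !keyVersion) {
    return res.status(400).json({ error: 'Missing required fields' });
  }

  try {
    // Falsy maxUses / expiresAt (including maxUses = 0) are stored as NULL,
    // which the fetch handler below treats as "no limit" / "never expires".
    await db.query(
      `INSERT INTO invites (code, encrypted_payload, created_by, max_uses, expires_at, key_version)
       VALUES ($1, $2, $3, $4, $5, $6)`,
      [code, encryptedPayload, createdBy, maxUses || null, expiresAt || null, keyVersion]
    );
    res.json({ success: true });
  } catch (err) {
    console.error('Error creating invite:', err);
    res.status(500).json({ error: 'Server error' });
  }
});

/**
 * GET /:code: validate an invite, consume one use, and return its payload.
 *
 * Responds 404 when the code is unknown, 410 when the invite is expired or
 * its usage limit is reached, 500 on a database error.
 *
 * The usage limit is enforced inside the UPDATE itself. Checking `uses` from
 * an earlier SELECT and incrementing in a separate statement lets concurrent
 * requests all pass the check before any of them increments, so a limited
 * invite could be redeemed more often than `max_uses` allows.
 *
 * NOTE(review): this GET changes state (it consumes a use). Confirm that
 * nothing fetches invite URLs automatically, since that would consume uses.
 */
router.get('/:code', async (req, res) => {
  const { code } = req.params;

  try {
    const result = await db.query('SELECT * FROM invites WHERE code = $1', [code]);
    if (result.rows.length === 0) {
      return res.status(404).json({ error: 'Invite not found' });
    }

    const invite = result.rows[0];

    // Check expiration
    if (invite.expires_at && new Date() > new Date(invite.expires_at)) {
      return res.status(410).json({ error: 'Invite expired' });
    }

    // Cheap early rejection; the authoritative check is the conditional UPDATE below.
    if (invite.max_uses !== null && invite.uses >= invite.max_uses) {
      return res.status(410).json({ error: 'Invite max uses reached' });
    }

    // Atomically claim one use: the row is updated only while it still exists
    // and is still under its limit.
    const claimed = await db.query(
      `UPDATE invites
          SET uses = uses + 1
        WHERE code = $1
          AND (max_uses IS NULL OR uses < max_uses)
        RETURNING encrypted_payload, key_version`,
      [code]
    );

    if (claimed.rows.length === 0) {
      // Another request took the last use, or the invite was revoked, between
      // the SELECT and the UPDATE. Either way the payload must not be released.
      return res.status(410).json({ error: 'Invite max uses reached' });
    }

    const [claimedInvite] = claimed.rows;
    res.json({
      encryptedPayload: claimedInvite.encrypted_payload,
      keyVersion: claimedInvite.key_version,
    });
  } catch (err) {
    console.error('Error fetching invite:', err);
    res.status(500).json({ error: 'Server error' });
  }
});

// Delete an invite (Revoke) -> Triggers client-side key rotation policy warning?
// The client should call this, then rotate keys.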
/**
 * DELETE /:code: remove the invite row for the given code.
 *
 * Responds `{ success: true }` whether or not a row matched (the number of
 * deleted rows is not inspected), and 500 on a database error.
 *
 * NOTE(review): no authentication or ownership check is visible in this file,
 * so anyone who can reach this route and knows a code can revoke the invite.
 * Confirm that upstream middleware restricts it to the invite's creator.
 */
router.delete('/:code', async (req, res) => {
  const inviteCode = req.params.code;

  try {
    await db.query('DELETE FROM invites WHERE code = $1', [inviteCode]);
  } catch (error) {
    console.error('Error deleting invite:', error);
    res.status(500).json({ error: 'Server error' });
    return;
  }

  res.json({ success: true });
});

module.exports = router;