FEDEO/src/routes/tenant.ts

import { FastifyInstance } from "fastify"
import jwt from "jsonwebtoken"
import { secrets } from "../utils/secrets"

import {
    authTenantUsers,
    authUsers,
    authProfiles,
    tenants
} from "../../db/schema"

import {and, eq, inArray} from "drizzle-orm"


export default async function tenantRoutes(server: FastifyInstance) {


    // -------------------------------------------------------------
    // GET CURRENT TENANT
    // -------------------------------------------------------------
    server.get("/tenant", async (req) => {
        if (req.tenant) {
            return {
                message: `Hallo vom Tenant ${req.tenant?.name}`,
                tenant_id: req.tenant?.id,
            }
        }
        return {
            message: "Server ist im MultiTenant-Modus – es werden alle verfügbaren Tenants geladen."
        }
    })



    // -------------------------------------------------------------
    // SWITCH TENANT
    // -------------------------------------------------------------
    server.post("/tenant/switch", async (req, reply) => {
        try {
            if (!req.user) {
                return reply.code(401).send({ error: "Unauthorized" })
            }

            const { tenant_id } = req.body as { tenant_id: string }
            if (!tenant_id) return reply.code(400).send({ error: "tenant_id required" })

            // prüfen ob der User zu diesem Tenant gehört
            const membership = await server.db
                .select()
                .from(authTenantUsers)
                .where(and(
                        eq(authTenantUsers.user_id, req.user.user_id),
                        eq(authTenantUsers.tenant_id, Number(tenant_id))
                ))

            if (!membership.length) {
                return reply.code(403).send({ error: "Not a member of this tenant" })
            }

            // JWT neu erzeugen
            const token = jwt.sign(
                {
                    user_id: req.user.user_id,
                    email: req.user.email,
                    tenant_id,
                },
                secrets.JWT_SECRET!,
                { expiresIn: "6h" }
            )

            reply.setCookie("token", token, {
                path: "/",
                httpOnly: true,
                sameSite: process.env.NODE_ENV === "production" ? "none" : "lax",
                secure: process.env.NODE_ENV === "production",
                maxAge: 60 * 60 * 3,
            })

            return { token }

        } catch (err) {
            console.error("TENANT SWITCH ERROR:", err)
            return reply.code(500).send({ error: "Internal Server Error" })
        }
    })



    // -------------------------------------------------------------
    // TENANT USERS (auth_users + auth_profiles)
    // -------------------------------------------------------------
    server.get("/tenant/users", async (req, reply) => {
        try {
            const authUser = req.user
            if (!authUser) return reply.code(401).send({ error: "Unauthorized" })

            const tenantId = authUser.tenant_id

            // 1) auth_tenant_users → user_ids
            const tenantUsers = await server.db
                .select()
                .from(authTenantUsers)
                .where(eq(authTenantUsers.tenant_id, tenantId))

            const userIds = tenantUsers.map(u => u.user_id)

            if (!userIds.length) {
                return { tenant_id: tenantId, users: [] }
            }

            // 2) auth_users laden
            const users = await server.db
                .select()
                .from(authUsers)
                .where(inArray(authUsers.id, userIds))

            // 3) auth_profiles pro Tenant laden
            const profiles = await server.db
                .select()
                .from(authProfiles)
                .where(
                    and(
                        eq(authProfiles.tenant_id, tenantId),
                        inArray(authProfiles.user_id, userIds)
                    ))

            const combined = users.map(u => {
                const profile = profiles.find(p => p.user_id === u.id)
                return {
                    id: u.id,
                    email: u.email,
                    profile,
                    full_name: profile?.full_name ?? null
                }
            })

            return { tenant_id: tenantId, users: combined }

        } catch (err) {
            console.error("/tenant/users ERROR:", err)
            return reply.code(500).send({ error: "Internal Server Error" })
        }
    })



    // -------------------------------------------------------------
    // TENANT PROFILES
    // -------------------------------------------------------------
    server.get("/tenant/profiles", async (req, reply) => {
        try {
            const tenantId = req.user?.tenant_id
            if (!tenantId) return reply.code(401).send({ error: "Unauthorized" })

            const data = await server.db
                .select()
                .from(authProfiles)
                .where(eq(authProfiles.tenant_id, tenantId))

            return { data }

        } catch (err) {
            console.error("/tenant/profiles ERROR:", err)
            return reply.code(500).send({ error: "Internal Server Error" })
        }
    })



    // -------------------------------------------------------------
    // UPDATE NUMBER RANGE
    // -------------------------------------------------------------
    server.put("/tenant/numberrange/:numberrange", async (req, reply) => {
        try {
            const user = req.user
            if (!user) return reply.code(401).send({ error: "Unauthorized" })

            const { numberrange } = req.params as { numberrange: string }
            const { numberRange } = req.body as { numberRange: any }

            if (!numberRange) {
                return reply.code(400).send({ error: "numberRange required" })
            }

            const tenantId = Number(user.tenant_id)

            const currentTenantRows = await server.db
                .select()
                .from(tenants)
                .where(eq(tenants.id, tenantId))

            const current = currentTenantRows[0]
            if (!current) return reply.code(404).send({ error: "Tenant not found" })

            const updatedRanges = {
                //@ts-ignore
                ...current.numberRanges,
                [numberrange]: numberRange
            }

            const updated = await server.db
                .update(tenants)
                .set({ numberRanges: updatedRanges })
                .where(eq(tenants.id, tenantId))
                .returning()

            return updated[0]

        } catch (err) {
            console.error("/tenant/numberrange ERROR:", err)
            return reply.code(500).send({ error: "Internal Server Error" })
        }
    })



    // -------------------------------------------------------------
    // UPDATE TENANT OTHER FIELDS
    // -------------------------------------------------------------
    server.put("/tenant/other/:id", async (req, reply) => {
        try {
            const user = req.user
            if (!user) return reply.code(401).send({ error: "Unauthorized" })

            const { id } = req.params as { id: string }
            const { data } = req.body as { data: any }

            if (!data) return reply.code(400).send({ error: "data required" })

            const updated = await server.db
                .update(tenants)
                .set(data)
                .where(eq(tenants.id, Number(user.tenant_id)))
                .returning()

            return updated[0]

        } catch (err) {
            console.error("/tenant/other ERROR:", err)
            return reply.code(500).send({ error: "Internal Server Error" })
        }
    })

}