const express = require('express');
const router = express.Router();
const pool = require('../db');
const { authMiddleware } = require('./auth');

// Get all bookings for an event
router.get('/event/:eventId', authMiddleware, async (req, res) => {
  try {
    const result = await pool.query(
      `SELECT b.* FROM bookings b
       JOIN events e ON b.event_id = e.id
       WHERE b.event_id = $1 AND e.user_id = $2
       ORDER BY b.created_at DESC`,
      [req.params.eventId, req.userId]
    );
    res.json(result.rows);
  } catch (err) {
    console.error(err);
    res.status(500).json({ error: 'Server error' });
  }
});

// Create booking
router.post('/', authMiddleware, async (req, res) => {
  const { event_id, supplier_name, supplier_type, contact_info, cost, status, notes } = req.body;
  if (!event_id || !supplier_name) return res.status(400).json({ error: 'event_id and supplier_name are required' });
  try {
    const eventCheck = await pool.query('SELECT id FROM events WHERE id=$1 AND user_id=$2', [event_id, req.userId]);
    if (eventCheck.rows.length === 0) return res.status(403).json({ error: 'Forbidden' });

    const result = await pool.query(
      `INSERT INTO bookings (event_id, supplier_name, supplier_type, contact_info, cost, status, notes)
       VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING *`,
      [event_id, supplier_name, supplier_type, contact_info, cost || 0, status || 'pending', notes]
    );
    res.status(201).json(result.rows[0]);
  } catch (err) {
    console.error(err);
    res.status(500).json({ error: 'Server error' });
  }
});

// Update booking
router.put('/:id', authMiddleware, async (req, res) => {
  const { supplier_name, supplier_type, contact_info, cost, status, notes } = req.body;
  try {
    const result = await pool.query(
      `UPDATE bookings SET supplier_name=$1, supplier_type=$2, contact_info=$3, cost=$4, status=$5, notes=$6
       WHERE id=$7 AND event_id IN (SELECT id FROM events WHERE user_id=$8) RETURNING *`,
      [supplier_name, supplier_type, contact_info, cost, status, notes, req.params.id, req.userId]
    );
    if (result.rows.length === 0) return res.status(404).json({ error: 'Booking not found' });
    res.json(result.rows[0]);
  } catch (err) {
    console.error(err);
    res.status(500).json({ error: 'Server error' });
  }
});

// Delete booking
router.delete('/:id', authMiddleware, async (req, res) => {
  try {
    const result = await pool.query(
      `DELETE FROM bookings WHERE id=$1 AND event_id IN (SELECT id FROM events WHERE user_id=$2) RETURNING id`,
      [req.params.id, req.userId]
    );
    if (result.rows.length === 0) return res.status(404).json({ error: 'Booking not found' });
    res.json({ message: 'Booking deleted' });
  } catch (err) {
    console.error(err);
    res.status(500).json({ error: 'Server error' });
  }
});

module.exports = router;