import { NextResponse } from 'next/server';
import { prisma } from '../../../lib/prisma';
import { requireAuth } from '../../../lib/jwt';
import { hashPassword } from '../../../lib/auth';

export async function PATCH(req: Request) {
  try {
    const session = await requireAuth(req);
    const body = await req.json();

    const name = body.name !== undefined && body.name !== null ? String(body.name).trim() : undefined;
    const password = body.password ? String(body.password) : undefined;

    if (name === undefined && !password) {
      return NextResponse.json({ error: 'No updates provided' }, { status: 400 });
    }

    const data: any = {};
    if (name !== undefined) data.name = name || null;
    if (password) {
      if (password.length < 8) {
        return NextResponse.json({ error: 'Password must be at least 8 characters' }, { status: 400 });
      }
      data.passwordHash = await hashPassword(password);
    }

    const user = await prisma.user.update({
      where: { id: session.userId },
      data,
      select: { id: true, email: true, name: true, role: true, status: true, emailVerifiedAt: true, approvedAt: true },
    });

    return NextResponse.json({ ok: true, user });
  } catch (error) {
    console.error('Profile update error', error);
    return NextResponse.json({ error: 'Failed to update profile' }, { status: 500 });
  }
}
export const dynamic = 'force-dynamic';