import { Router } from 'express';
import { z } from 'zod';
import { pool } from '../db/connection.js';
import { requireAuth } from '../middleware/auth.js';
import { encryptText } from '../services/encryption.js';

const router = Router();

router.post('/phone', requireAuth, async (req, res) => {
  try {
    const parsed = z.object({ phone: z.string().min(6).max(40) }).safeParse(req.body);
    if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });

    const encryptedPhone = encryptText(parsed.data.phone);
    await pool.query('UPDATE users SET phone_encrypted = ? WHERE id = ?', [encryptedPhone, req.user.userId]);

    res.status(200).json({ status: 'updated' });
  } catch (error) {
    console.error('Error updating phone:', error);
    res.status(500).json({ error: 'Internal server error' });
  }
});

export default router;