import { Router } from 'express';
import { z } from 'zod';
import { pool } from '../db/connection.js';
import { requireAuth } from '../middleware/auth.js';
import { encryptText } from '../services/encryption.js';

const router = Router();

router.post('/phone', requireAuth, async (req, res) => {
  const parsed = z.object({ phone: z.string().min(6).max(40) }).safeParse(req.body);
  if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });

  const encryptedPhone = encryptText(parsed.data.phone);
  await pool.query('UPDATE users SET phone_encrypted = ? WHERE id = ?', [encryptedPhone, req.user.userId]);

  res.json({ status: 'updated' });
});

export default router;