helpyourneighbour/backend/src/routes/profile.js

import { Router } from 'express';
import { z } from 'zod';
import { pool } from '../db/connection.js';
import { requireAuth } from '../middleware/auth.js';
import { encryptText, decryptText } from '../services/encryption.js';

const router = Router();

router.post('/phone', requireAuth, async (req, res) => {
  try {
    const parsed = z.object({ phone: z.string().min(6).max(40) }).safeParse(req.body);
    if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });

    const encryptedPhone = encryptText(parsed.data.phone);
    await pool.query('UPDATE users SET phone_encrypted = ? WHERE id = ?', [encryptedPhone, req.user.userId]);

    res.status(200).json({ status: 'updated' });
  } catch (error) {
    console.error('Error updating phone:', error);
    res.status(500).json({ error: 'Internal server error' });
  }
});

// GET /profile endpoint
router.get('/', requireAuth, async (req, res) => {
  try {
    const [rows] = await pool.query('SELECT id, name, email, phone_encrypted FROM users WHERE id = ?', [req.user.userId]);
    if (rows.length === 0) return res.status(404).json({ error: 'User not found' });

    const user = rows[0];
    // Decrypt phone number for response
    let decryptedPhone = null;
    if (user.phone_encrypted) {
      try {
        decryptedPhone = decryptText(user.phone_encrypted);
      } catch (decryptError) {
        console.error('Decryption error:', decryptError);
        return res.status(500).json({ error: 'Failed to decrypt phone number' });
      }
    }
    
    res.status(200).json({
      id: user.id,
      name: user.name,
      email: user.email,
      phone: decryptedPhone
    });
  } catch (error) {
    console.error('Error fetching profile:', error);
    res.status(500).json({ error: 'Internal server error' });
  }
});

export default router;