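// controllers/auth.js
const jwt = require('jsonwebtoken');
const db = require('../config/db');
const { successResponse, errorResponse } = require('../utils/apiResponse');

/**
 * HTTP handlers for authentication.
 */
class AuthController {
  /**
   * Checks the submitted username/password against the `users` table and,
   * on a match, responds with a JWT valid for one hour plus the user record
   * (without its `password_hash` column).
   *
   * @param {object} req - Request; `req.body` is expected to carry `username` and `password`.
   * @param {object} res - Response handle passed through to the apiResponse helpers.
   * @returns {Promise<*>} Resolves once a response helper has been called.
   */
  static async login(req, res) {
    try {
      const { username, password } = req.body;

      // Only non-empty strings are accepted as credentials. A JSON body can
      // carry objects or arrays here, and some SQL drivers expand such values
      // bound to a `?` placeholder into extra SQL fragments, which can change
      // the meaning of the WHERE clause. Rejecting with the same 401 keeps the
      // response indistinguishable from a wrong password.
      const isCredential = (value) => typeof value === 'string' && value.length > 0;
      if (!isCredential(username) || !isCredential(password)) {
        return errorResponse(res, 'Invalid credentials', 401);
      }

      // NOTE(security): the submitted password is compared verbatim with the
      // password_hash column. In a real project the row should be fetched by
      // username and the password verified with bcrypt (or another
      // password-hashing function) against the stored hash.
      const [users] = await db.query(
        'SELECT * FROM users WHERE username = ? AND password_hash = ?',
        [username, password]
      );

      if (users.length === 0) {
        return errorResponse(res, 'Invalid credentials', 401);
      }

      const user = users[0];

      // process.env.JWT_SECRET must be set; if jwt.sign throws, the catch
      // below handles it.
      const token = jwt.sign(
        { id: user.id, username: user.username, role: user.role },
        process.env.JWT_SECRET,
        { expiresIn: '1h' }
      );

      // SELECT * returns every column, including password_hash; the stored
      // credential must never be sent back to the client.
      const { password_hash: _passwordHash, ...publicUser } = user;

      successResponse(res, { token, user: publicUser });
    } catch (err) {
      // NOTE(review): the raw error object is handed to errorResponse —
      // confirm that helper does not echo database or JWT error details to
      // the client.
      errorResponse(res, err);
    }
  }
}

module.exports = AuthController;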