const express = require('express');
const { getConnection, addUser } = require('../libs/mysql');
const { checkAuth } = require('../libs/middlewares');

const router = express.Router();

router.post('/add', checkAuth, async (req, res) => {
    const user = req.user;
    const { name, lastname, email, numero, password } = req.body;

    if (!name || !lastname || !email || !numero || !password) {
        return res.status(400).json({ error: 'All fields are required' });
    }

    if (!user.admin) {
        return res.status(403).json({ error: 'Permission denied' });
    }

    const connection = await getConnection();
    await addUser(connection, name, lastname, email, numero, password)
    connection.end();
    return res.status(201).json({ message: 'User added' });
});

module.exports = router;