const express = require('express'); const router = express.Router(); const db = require('../database'); const crypto = require('crypto'); const bcrypt = require('bcrypt'); // Middleware para verificar se é admin const requireAdmin = (req, res, next) => { if (req.user && req.user.is_admin) { return next(); } return res.status(403).json({ success: false, message: 'Acesso negado' }); }; // ============================================================== // 1. LISTAR CLÍNICAS (ADMIN) // ============================================================== router.get('/', requireAdmin, async (req, res) => { try { const clinics = await db.all(` SELECT id, clinic_name, email, pc_name, machine_token, last_ip, is_active, created_at FROM clinics_devices ORDER BY created_at DESC `); res.json({ success: true, clinics }); } catch (error) { console.error('Erro ao listar clínicas:', error); res.status(500).json({ success: false, message: 'Erro interno do servidor' }); } }); // ============================================================== // 2. CADASTRAR CLÍNICA E GERAR TOKEN (ADMIN) // ============================================================== router.post('/', requireAdmin, async (req, res) => { const { clinic_name, email, password, pc_name } = req.body; if (!clinic_name || !email || !password || !pc_name) { return res.status(400).json({ success: false, message: 'Preencha todos os campos obrigatórios' }); } try { // Verificar se email já existe const existing = await db.get(`SELECT id FROM clinics_devices WHERE email = ?`, [email]); if (existing) { return res.status(400).json({ success: false, message: 'Email já cadastrado para outra clínica' }); } // Gerar hash da senha e token UUID da máquina const password_hash = bcrypt.hashSync(password, 10); const machine_token = crypto.randomUUID(); await db.run(` INSERT INTO clinics_devices (clinic_name, email, password_hash, pc_name, machine_token) VALUES (?, ?, ?, ?, ?) `, [clinic_name, email, password_hash, pc_name, machine_token]); res.json({ success: true, message: 'Clínica cadastrada com sucesso!', machine_token }); } catch (error) { console.error('Erro ao cadastrar clínica:', error); res.status(500).json({ success: false, message: 'Erro interno ao cadastrar' }); } }); // ============================================================== // 3. ALTERAR STATUS DA CLÍNICA (ATIVAR/DESATIVAR) (ADMIN) // ============================================================== router.put('/:id/status', requireAdmin, async (req, res) => { const { id } = req.params; const { is_active } = req.body; try { await db.run(`UPDATE clinics_devices SET is_active = ? WHERE id = ?`, [is_active ? 1 : 0, id]); res.json({ success: true, message: 'Status atualizado com sucesso' }); } catch (error) { res.status(500).json({ success: false, message: 'Erro interno' }); } }); // ============================================================== // 4. EXCLUIR CLÍNICA (ADMIN) // ============================================================== router.delete('/:id', requireAdmin, async (req, res) => { const { id } = req.params; try { await db.run(`DELETE FROM clinics_devices WHERE id = ?`, [id]); res.json({ success: true, message: 'Clínica excluída com sucesso' }); } catch (error) { res.status(500).json({ success: false, message: 'Erro interno' }); } }); module.exports = router;