ember-market-frontend/backend/routes/blockedUsers.routes.js

import express from "express";
import { protectStaff } from "../middleware/staffAuthMiddleware.js";
import BlockedUser from "../models/BlockedUser.model.js";

const router = express.Router();

/**
 * Get all blocked users
 * @route   GET /api/blocked-users
 * @access  Private (Staff only)
 */
router.get("/", protectStaff, async (req, res) => {
    try {
        const blockedUsers = await BlockedUser.find()
            .sort({ blockedAt: -1 });
        res.json(blockedUsers);
    } catch (error) {
        console.error("Error fetching blocked users:", error);
        res.status(500).json({ error: "Failed to fetch blocked users" });
    }
});

/**
 * Block a user
 * @route   POST /api/blocked-users
 * @access  Private (Staff only)
 */
router.post("/", protectStaff, async (req, res) => {
    try {
        const { telegramUserId, reason } = req.body;

        if (!telegramUserId) {
            return res.status(400).json({ error: "Telegram user ID is required" });
        }

        const existingBlock = await BlockedUser.findOne({ telegramUserId });
        if (existingBlock) {
            return res.status(400).json({ error: "User is already blocked" });
        }

        const blockedUser = await BlockedUser.create({
            telegramUserId,
            reason,
            blockedBy: req.user._id
        });

        res.status(201).json(blockedUser);
    } catch (error) {
        console.error("Error blocking user:", error);
        res.status(500).json({ error: "Failed to block user" });
    }
});

/**
 * Unblock a user
 * @route   DELETE /api/blocked-users/:telegramUserId
 * @access  Private (Staff only)
 */
router.delete("/:telegramUserId", protectStaff, async (req, res) => {
    try {
        const { telegramUserId } = req.params;

        const result = await BlockedUser.findOneAndDelete({ telegramUserId });
        if (!result) {
            return res.status(404).json({ error: "User is not blocked" });
        }

        res.json({ message: "User unblocked successfully" });
    } catch (error) {
        console.error("Error unblocking user:", error);
        res.status(500).json({ error: "Failed to unblock user" });
    }
});

export default router;