/**
 * BytesBuys.com - Pro Worker V2.16.8
 * 1. EMAILS: Optimized Confirmation Email - Removed labels (Recipient, Company, Address, Phone).
 * 2. EMAILS: Moved Phone Number directly under the Recipient name.
 * 3. EMAILS: Preserved "Instructions:" label as requested.
 * 4. UI: Updated version to V2.16.8 in Dispatch Tool.
 * 5. LOGIC: 100% Locked Metadata & Inventory & Latest GAS URL.
 */

const GITHUB_OWNER = "Lemon-bh";
const GITHUB_REPO = "my-store";
const GITHUB_PATH = "products.json";
const PICKING_EMAIL = "liuxin642@gmail.com"; 

const ORDER_SHEET_URL = "https://script.google.com/macros/s/AKfycbxeHScvU1o5biG_BooXXk2qixp92d6oEckt4fd75LNHONcmOHye9ByCxHR4Khz_Gqj8_g/exec";
const SHEET_SECRET = "BytesBuys_2026_Secure"; 

export default {
  async fetch(request, env) {
    const url = new URL(request.url);
    const corsHeaders = { "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Methods": "POST, GET, OPTIONS", "Access-Control-Allow-Headers": "Content-Type" };
    if (request.method === "OPTIONS") return new Response(null, { headers: corsHeaders });

    if (url.pathname === "/scan") return new Response(SCANNER_HTML, { headers: { "Content-Type": "text/html;charset=UTF-8" } });

    if (url.pathname === "/api/dispatch" && request.method === "POST") {
      try {
        const { order_id, tracking } = await request.json();
        const gasRes = await fetch(ORDER_SHEET_URL, {
          method: "POST",
          body: JSON.stringify({ secret: SHEET_SECRET, action: "scan_ship", order_id, tracking })
        });
        const gasData = await gasRes.json();
        if (gasData.status === "success") {
          await sendShippedResend(gasData, env); 
          return new Response(JSON.stringify({ status: "success" }), { headers: corsHeaders });
        }
        return new Response(JSON.stringify({ status: "error", msg: gasData.msg }), { headers: corsHeaders });
      } catch (e) { return new Response(JSON.stringify({ status: "error", msg: e.message }), { headers: corsHeaders }); }
    }

    if (url.pathname === "/create-session" && request.method === "POST") {
      try {
        const { items, customer } = await request.json();
        const ghRes = await fetch(`https://api.github.com/repos/${GITHUB_OWNER}/${GITHUB_REPO}/contents/${GITHUB_PATH}?t=${Date.now()}`, { headers: { "Authorization": `token ${env.GITHUB_TOKEN}`, "User-Agent": "Cloudflare-Worker" } });
        const fileData = await ghRes.json();
        const products = JSON.parse(decodeURIComponent(escape(atob(fileData.content.replace(/\s/g, "")))));
        const params = new URLSearchParams();
        params.append("mode", "payment");
        params.append("success_url", `https://bytesbuys.com/success.html?oid=${customer.order_id}&em=${encodeURIComponent(customer.email)}`);
        params.append("cancel_url", "https://bytesbuys.com/cancel.html");
        params.append("metadata[order_id]", customer.order_id);
        params.append("metadata[customer_name]", customer.name);
        params.append("metadata[customer_phone]", customer.phone);
        params.append("metadata[customer_company]", customer.company || "N/A");
        params.append("metadata[customer_street]", customer.street);
        params.append("metadata[customer_street_2]", customer.street_2 || "N/A");
        params.append("metadata[customer_suburb]", customer.suburb);
        params.append("metadata[customer_state]", customer.state);
        params.append("metadata[customer_postcode]", customer.postcode);
        params.append("metadata[instructions]", customer.instructions || "None");
        params.append("payment_intent_data[description]", `Order Reference: #${customer.order_id}`);
        items.forEach((item, i) => {
          const p = products.find(x => String(x.id) === String(item.id));
          if (p) {
            params.append(`line_items[${i}][price_data][currency]`, "aud");
            params.append(`line_items[${i}][price_data][unit_amount]`, Math.round(p.price * 100));
            params.append(`line_items[${i}][price_data][product_data][name]`, p.name);
            params.append(`line_items[${i}][price_data][product_data][metadata][loc]`, p.location || "N/A");
            params.append(`line_items[${i}][price_data][product_data][metadata][sku]`, p.sku || "N/A");
            params.append(`line_items[${i}][quantity]`, item.qty);
          }
        });
        params.append("shipping_options[0][shipping_rate_data][display_name]", "Standard Delivery");
        params.append("shipping_options[0][shipping_rate_data][type]", "fixed_amount");
        params.append("shipping_options[0][shipping_rate_data][fixed_amount][amount]", "0");
        params.append("shipping_options[0][shipping_rate_data][fixed_amount][currency]", "aud");
        const sessionRes = await fetch("https://api.stripe.com/v1/checkout/sessions", { method: "POST", headers: { "Authorization": `Bearer ${env.STRIPE_SECRET_KEY}`, "Content-Type": "application/x-www-form-urlencoded" }, body: params });
        const session = await sessionRes.json();
        return new Response(JSON.stringify({ url: session.url }), { headers: corsHeaders });
      } catch (e) { return new Response(JSON.stringify({ error: e.message }), { status: 500, headers: corsHeaders }); }
    }

    if (url.pathname === "/webhook" && request.method === "POST") {
      try {
        const body = await request.text();
        const event = JSON.parse(body);
        if (event.type === "checkout.session.completed") {
          const session = event.data.object;
          const lineItemsRes = await fetch(`https://api.stripe.com/v1/checkout/sessions/${session.id}/line_items?expand[]=data.price.product`, { headers: { "Authorization": `Bearer ${env.STRIPE_SECRET_KEY}` } });
          const lineItems = await lineItemsRes.json();
          await updateInventory(lineItems.data, env);
          await syncOrderToSheet(session, lineItems.data);
          await sendPickingEmail(session, lineItems.data, env);
          await sendCustomerConfirmEmail(session, lineItems.data, env);
        }
        return new Response("OK", { status: 200 });
      } catch (e) { return new Response("Webhook Error", { status: 500 }); }
    }
    return new Response(JSON.stringify({ status: "Active" }), { status: 200 });
  }
};

/** 🥇 数据同步逻辑 (BB_Orders) */
async function syncOrderToSheet(session, items) {
  const itemSummary = items.map(i => `${i.description} [LOC:${i.price.product.metadata?.loc || "N/A"}][SKU:${i.price.product.metadata?.sku || "N/A"}] (x${i.quantity})`).join(", ");
  const payload = { secret: SHEET_SECRET, action: "sync_order", order_id: session.metadata?.order_id, name: session.metadata?.customer_name, email: session.customer_details?.email, phone: session.metadata?.customer_phone, company: session.metadata?.customer_company, street: session.metadata?.customer_street, street_2: session.metadata?.customer_street_2 || "N/A", suburb: session.metadata?.customer_suburb, state: session.metadata?.customer_state, postcode: session.metadata?.customer_postcode, amount: (session.amount_total / 100).toFixed(2), items: itemSummary, instructions: session.metadata?.instructions || "None" };
  await fetch(ORDER_SHEET_URL, { method: "POST", headers: {"Content-Type": "application/json"}, body: JSON.stringify(payload) });
}

/** 🥇 库存扣减逻辑 */
async function updateInventory(paidItems, env) {
  const url = `https://api.github.com/repos/${GITHUB_OWNER}/${GITHUB_REPO}/contents/${GITHUB_PATH}`;
  const res = await fetch(url, { headers: { "Authorization": `token ${env.GITHUB_TOKEN}`, "User-Agent": "Cloudflare-Worker" } });
  const data = await res.json();
  let products = JSON.parse(decodeURIComponent(escape(atob(data.content.replace(/\s/g, "")))));
  paidItems.forEach(item => {
    const target = products.find(p => p.name === item.description);
    if (target) target.stock = Math.max(0, target.stock - item.quantity);
  });
  await fetch(url, { method: "PUT", headers: { "Authorization": `token ${env.GITHUB_TOKEN}`, "Content-Type": "application/json", "User-Agent": "Cloudflare-Worker" }, body: JSON.stringify({ message: "Stock Update", content: btoa(unescape(encodeURIComponent(JSON.stringify(products, null, 2)))), sha: data.sha }) });
}

async function sendPickingEmail(session, items, env) {
  const tableRows = items.map(x => `<tr><td style="border:1px solid #ddd;padding:8px;text-align:center;font-weight:bold;background:#fdfcf0;">${x.price.product.metadata?.loc || "N/A"}</td><td style="border:1px solid #ddd;padding:8px;">${x.description}</td><td style="border:1px solid #ddd;padding:8px;text-align:center;font-size:12px;">${x.price.product.metadata?.sku || "N/A"}</td><td style="border:1px solid #ddd;padding:8px;text-align:center;">${x.quantity}</td></tr>`).join('');
  const htmlBody = `<div style="font-family:sans-serif;max-width:600px;"><h2 style="border-bottom:2px solid #0366d6;padding-bottom:10px;">📦 Picking List - #${session.metadata?.order_id}</h2><table style="width:100%;border-collapse:collapse;"><thead><tr style="background:#0366d6;color:white;"><th>Loc</th><th>Item</th><th>SKU</th><th>Qty</th></tr></thead><tbody>${tableRows}</tbody></table><p>Recipient: ${session.metadata?.customer_name}<br>Address: ${session.metadata?.customer_street}, ${session.metadata?.customer_suburb} ${session.metadata?.customer_postcode}</p></div>`;
  await fetch("https://api.resend.com/emails", { method: "POST", headers: { "Authorization": `Bearer ${env.RESEND_API_KEY}`, "Content-Type": "application/json" }, body: JSON.stringify({ from: "BytesBuys.com <order@bytesbuys.com>", to: [PICKING_EMAIL], subject: `[Picking] Order #${session.metadata?.order_id}`, html: htmlBody }) });
}

async function sendShippedResend(info, env) {
  const ausPostUrl = `https://auspost.com.au/mypost/track/#/details/${info.tracking}`;
  const htmlBody = `
  <div style="font-family:sans-serif;max-width:600px;margin:auto;border:1px solid #eee;padding:40px;border-radius:20px;color:#333;line-height:1.6;">
    <h2 style="color:#28a745;text-align:center;font-size:26px;margin-bottom:30px;">Order Shipped! 📦</h2>
    <p style="font-size:16px;">Hi ${info.name},</p>
    <p style="font-size:16px;">Great news! Your order <b>#${info.order_id}</b> has been dispatched and is on its way via Australia Post.</p>
    <div style="background:#f4f9ff;padding:30px;border-radius:15px;margin:30px 0;border-left:5px solid #0366d6;">
      <span style="font-size:14px;color:#666;text-transform:uppercase;letter-spacing:1px;">Tracking Number:</span><br>
      <a href="${ausPostUrl}" style="font-size:18px;color:#0366d6;text-decoration:none;font-weight:bold;display:block;margin-top:10px;">${info.tracking}</a>
      <span style="font-size:12px;color:#666;font-style:italic;display:block;margin-top:5px;">(Click the number to track your parcel)</span>
    </div>
    <p style="font-size:16px;margin-top:40px;">Thank you for shopping with <b>BytesBuys.com</b>!</p>
  </div>`;
  await fetch("https://api.resend.com/emails", { method: "POST", headers: { "Authorization": `Bearer ${env.RESEND_API_KEY}`, "Content-Type": "application/json" }, body: JSON.stringify({ from: "BytesBuys.com <order@bytesbuys.com>", to: [info.email], subject: `Your BytesBuys Order #${info.order_id} is on its way!`, html: htmlBody }) });
}

async function sendCustomerConfirmEmail(session, items, env) {
  const buyerEmail = session.customer_details?.email;
  if (!buyerEmail) return;
  const tableRows = items.map(x => `<tr><td style="border-bottom:1px solid #eee;padding:15px 10px;font-size:15px;">${x.description}</td><td style="border-bottom:1px solid #eee;padding:15px 10px;text-align:center;font-size:15px;">${x.quantity}</td><td style="border-bottom:1px solid #eee;padding:15px 10px;text-align:right;font-size:15px;">$${(x.amount_total / 100).toFixed(2)}</td></tr>`).join('');
  
  const companyValue = (session.metadata?.customer_company && session.metadata?.customer_company !== "N/A") ? `${session.metadata.customer_company}<br>` : "";
  const address2Value = (session.metadata?.customer_street_2 && session.metadata?.customer_street_2 !== "N/A") ? `${session.metadata.customer_street_2}<br>` : "";
  
  const htmlBody = `
  <div style="font-family:sans-serif;max-width:640px;margin:auto;border:1px solid #eee;padding:40px;border-radius:20px;color:#333;">
    <div style="text-align:center;margin-bottom:40px;">
      <h2 style="color:#28a745;font-size:28px;margin-bottom:10px;">Order confirmed!</h2>
      <p style="font-size:16px;color:#666;">Hi ${session.metadata?.customer_name}, thanks for shopping with <b>BytesBuys.com</b>! Order received and currently processing. We will arrange delivery as soon as possible.</p>
    </div>
    <table style="width:100%;border-collapse:collapse;margin-bottom:30px;">
      <thead><tr style="color:#999;font-size:13px;text-align:left;text-transform:uppercase;border-bottom:2px solid #eee;"><th style="padding:10px;">Item Description</th><th style="padding:10px;text-align:center;">Qty</th><th style="padding:10px;text-align:right;">Price</th></tr></thead>
      <tbody>${tableRows}</tbody>
    </table>
    <div style="text-align:right;margin-bottom:40px;font-size:18px;"><b>Total Paid: $${(session.amount_total / 100).toFixed(2)} AUD</b></div>
    <div style="background:#f8fbff;padding:30px;border-radius:15px;font-size:15px;line-height:1.7;border:1px solid #e1efff;margin-bottom:30px;">
      <b style="color:#0366d6;font-size:16px;display:block;margin-bottom:10px;">Shipping Details:</b>
      ${session.metadata?.customer_name}<br>
      ${session.metadata?.customer_phone}<br>
      ${companyValue}
      ${session.metadata?.customer_street}<br>
      ${address2Value}
      ${session.metadata?.customer_suburb.toUpperCase()}, ${session.metadata?.customer_state} ${session.metadata?.customer_postcode}<br>
      <br>
      <b>Instructions:</b> ${session.metadata?.instructions || "None"}
    </div>
    <div style="background:#fffbe6;padding:25px;border-radius:15px;font-size:14px;line-height:1.6;border:1px solid #ffe58f;color:#856404;">
      <b style="display:block;margin-bottom:8px;">⚠️ Friendly Reminder:</b>
      1. Please check your delivery address carefully. If you find any mistakes, please <b>reply to this email immediately</b>.<br>
      2. We suggest avoiding PO Boxes as delivery may not be possible.<br>
      3. Please note that we cannot be held responsible for delivery issues resulting from incorrect address details provided.
    </div>
  </div>`;
  await fetch("https://api.resend.com/emails", { method: "POST", headers: { "Authorization": `Bearer ${env.RESEND_API_KEY}`, "Content-Type": "application/json" }, body: JSON.stringify({ from: "BytesBuys.com <order@bytesbuys.com>", to: [buyerEmail], subject: `BytesBuys.com Order Confirmation - #${session.metadata?.order_id} - Thanks for shopping!`, html: htmlBody }) });
}

const SCANNER_HTML = `
<!DOCTYPE html><html><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><script src="https://unpkg.com/html5-qrcode"></script>
<style>
  body { font-family: sans-serif; text-align: center; padding: 10px; background: #f4f7f9; margin:0; }
  h3 { margin: 10px 0; font-size: 18px; }
  #reader { width: 100%; max-width: 450px; margin: auto; border-radius: 12px; overflow: hidden; background: #000; }
  .box { background: white; padding: 12px; border-radius: 10px; margin-top: 10px; text-align: left; }
  label { font-size: 11px; color: #888; display: block; margin-bottom: 2px; }
  input { width: 100%; border: none; font-size: 18px; font-weight: bold; color: #0366d6; outline: none; background: transparent; padding: 2px 0; }
  button { width: 100%; padding: 16px; background: #0366d6; color: white; border: none; border-radius: 10px; font-size: 18px; font-weight: bold; margin-top: 10px; cursor: pointer; }
  #btnStart { background: #28a745; margin-bottom: 10px; padding: 12px; font-size: 16px; }
  #msg { margin-top: 15px; font-weight: bold; font-size: 14px; }
</style></head>
<body>
  <h3>📦 BytesBuys Dispatch Tool V2.16.8</h3>
  <div id="reader"></div>
  <button id="btnStart" onclick="startScan()">ACTIVATE CAMERA</button>
  <div class="box"><label>Order ID (QR Code)</label><input type="text" id="oid" readonly placeholder="Scan QR..."></div>
  <div class="box"><label>Tracking # (Barcode)</label><input type="text" id="tnum" readonly placeholder="Scan Label..."></div>
  <button id="btnSubmit" onclick="submit()">CONFIRM & NOTIFY CUSTOMER</button>
  <div id="msg"></div>
<script>
  let scanner = new Html5Qrcode("reader");
  function startScan() { 
    const config = { fps: 25, qrbox: { width: 350, height: 250 }, aspectRatio: 1.77, formatsToSupport: [0, 4, 3] }; 
    scanner.start({ facingMode: "environment" }, config, (text) => { 
      if (navigator.vibrate) navigator.vibrate(80); 
      const val = text.trim(); 
      if (val.toUpperCase().startsWith("OR") || val.toUpperCase().startsWith("PO")) document.getElementById('oid').value = val; 
      else document.getElementById('tnum').value = val; 
    }).then(() => document.getElementById('btnStart').style.display='none'); 
  }
  async function submit() {
    const oid = document.getElementById('oid').value; const tnum = document.getElementById('tnum').value;
    if(!oid || !tnum) return alert("Please scan both codes");
    const btn = document.getElementById('btnSubmit'); const msg = document.getElementById('msg');
    btn.disabled = true; btn.innerText = "PROCESSING...";
    try {
      const res = await fetch("/api/dispatch", { method: "POST", body: JSON.stringify({ order_id: oid, tracking: tnum }) });
      const result = await res.json();
      if(result.status === "success") {
        msg.innerText = "✅ SUCCESS: Dispatched!"; msg.style.color = "#28a745";
        document.getElementById('oid').value = ""; document.getElementById('tnum').value = "";
      } else { msg.innerText = "❌ ERROR: " + result.msg; msg.style.color = "#d73a49"; }
    } catch(e) { msg.innerText = "❌ Connection Failed"; }
    btn.disabled = false; btn.innerText = "CONFIRM & NOTIFY CUSTOMER";
  }
</script></body></html>`;