import { NextResponse } from "next/server";
import { loginSchema } from "@/lib/validation/auth";
import prisma from "@/lib/prisma";
import { verifyPassword } from "@/lib/password";
import { getClientKey, isRateLimited } from "@/lib/ratelimit";

export async function GET(req: Request) {
  try {
    const cookieHeader = req.headers.get("cookie") || "";
    const uid = cookieHeader
      .split(";")
      .map((s) => s.trim())
      .find((pair) => pair.startsWith("uid="))
      ?.split("=")[1];
    if (!uid) return NextResponse.json({ ok: false }, { status: 200 });
    const user = await prisma.user.findUnique({ where: { userId: decodeURIComponent(uid) } });
    if (!user) return NextResponse.json({ ok: false }, { status: 200 });
    return NextResponse.json({ ok: true, user: { userId: user.userId, nickname: user.nickname } });
  } catch {
    return NextResponse.json({ ok: false }, { status: 200 });
  }
}

export async function POST(req: Request) {
  const key = getClientKey(req, "login");
  if (isRateLimited(key, 5, 60_000)) {
    return NextResponse.json({ error: "Too Many Requests" }, { status: 429 });
  }
  const body = await req.json();
  const parsed = loginSchema.safeParse(body);
  if (!parsed.success)
    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
  const { nickname, password } = parsed.data;
  const user = await prisma.user.findUnique({ where: { nickname } });
  if (!user || !user.passwordHash || !verifyPassword(password, user.passwordHash)) {
    return NextResponse.json({ error: "아이디 또는 비밀번호가 올바르지 않습니다" }, { status: 401 });
  }
  // 사용자의 관리자 권한 여부 확인
  let isAdmin = false;
  const userRoles = await prisma.userRole.findMany({
    where: { userId: user.userId },
    select: { roleId: true },
  });
  if (userRoles.length > 0) {
    const roleIds = userRoles.map((r) => r.roleId);
    const hasAdmin = await prisma.rolePermission.findFirst({
      where: {
        roleId: { in: roleIds },
        resource: "ADMIN",
        action: "ADMINISTER",
        allowed: true,
      },
      select: { id: true },
    });
    isAdmin = !!hasAdmin;
  }

  const res = NextResponse.json({ ok: true, user: { userId: user.userId, nickname: user.nickname } });
  res.headers.append(
    "Set-Cookie",
    `uid=${encodeURIComponent(user.userId)}; Path=/; HttpOnly; SameSite=Lax`
  );
  res.headers.append(
    "Set-Cookie",
    `isAdmin=${isAdmin ? "1" : "0"}; Path=/; HttpOnly; SameSite=Lax`
  );
  return res;
}

export async function DELETE() {
  const res = NextResponse.json({ ok: true });
  res.headers.append("Set-Cookie", `uid=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax`);
  res.headers.append("Set-Cookie", `isAdmin=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax`);
  return res;
}