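import { NextResponse, NextRequest } from "next/server";
import prisma from "app/lib/db";
import { SignJWT } from "jose";
import { getJWTSecretKey, login, setUserDataCookie } from "../actions";

/** Shape of the JSON body this route expects. */
export interface UserLoginRequest {
  email: string;
  password: string;
}

// Route segment config: render the route afresh every time.
// Next.js only honours this setting when it is exported from the module.
export const dynamic = 'force-dynamic';

/** Lifetime of the session cookie, in seconds (1 hour). Must agree with the
 *  `setExpirationTime('1h')` call below. */
const TOKEN_MAX_AGE_SECONDS = 3600;

/**
 * POST endpoint: authenticate a user by email + password.
 *
 * On success the signed JWT is stored in an http-only `token` cookie,
 * public user data is stored via `setUserDataCookie`, and the JSON body is
 * `{ success: true }`. A body that is not valid JSON, or that lacks a
 * non-empty string `email`/`password`, is answered with 400. Any failure in
 * lookup, signing or cookie handling is logged server-side and answered with
 * a generic 500 so internal error text is never echoed to the client.
 *
 * @param request - incoming request whose body is a `UserLoginRequest`
 * @returns the JSON response, with the `token` cookie set on success
 */
export async function POST(request: NextRequest): Promise<NextResponse> {
  // Malformed JSON must not escape as an unhandled exception.
  let body: unknown;
  try {
    body = await request.json();
  } catch {
    return NextResponse.json(
      { success: false, message: 'Request body must be valid JSON' },
      { status: 400 },
    );
  }

  const credentials = parseCredentials(body);
  if (credentials === undefined) {
    return NextResponse.json(
      { success: false, message: 'Email or password missing' },
      { status: 400 },
    );
  }
  // Log the attempt, never the body itself: it carries the plaintext password.
  console.log(`login attempt for email: ${credentials.email}`);

  try {
    //fetch user from db, throw if email or password are invalid
    const user = await login(credentials);

    // NOTE(review): the whole user record is placed in the token payload;
    // confirm login() does not return the password hash or other secrets.
    const token = await new SignJWT({ ...user })
      .setProtectedHeader({ alg: 'HS256' })
      .setIssuedAt()
      .setExpirationTime('1h')
      .sign(await getJWTSecretKey());

    const response = NextResponse.json({ success: true });
    // Store jwt as a secure http-only cookie. `secure` is tied to production
    // so local http development keeps working.
    response.cookies.set({
      name: 'token',
      value: token,
      path: '/', // site-wide
      maxAge: TOKEN_MAX_AGE_SECONDS,
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production',
      sameSite: 'strict',
    });
    // Store public user data as cookie; awaiting is harmless if it is sync.
    await setUserDataCookie(user);
    return response;
  } catch (error: unknown) {
    // Full detail stays in the server log; the client gets a generic message.
    console.error('login failed:', error);
    return NextResponse.json(
      { success: false, message: 'something went wrong' },
      { status: 500 },
    );
  }
}

/**
 * Narrow an unknown JSON body to a `UserLoginRequest`.
 *
 * @returns the credentials, or `undefined` when the body is not an object
 *   or either field is missing, empty, or not a string
 */
function parseCredentials(body: unknown): UserLoginRequest | undefined {
  if (typeof body !== 'object' || body === null) return undefined;
  const { email, password } = body as Partial<Record<keyof UserLoginRequest, unknown>>;
  if (typeof email !== 'string' || typeof password !== 'string') return undefined;
  if (email === '' || password === '') return undefined;
  return { email, password };
}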