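import { NextRequest, NextResponse } from 'next/server';
import supabase from '@/lib/db';
import bcrypt from 'bcryptjs';

/** Login roles this endpoint accepts from the client. */
type LoginRole = 'pimpinan' | 'admin';

/**
 * Fields read from the request body. Everything here comes straight from the
 * client, so each field is `unknown` until it has been checked.
 */
interface LoginBody {
  nip?: unknown;
  username?: unknown;
  password?: unknown;
  role?: unknown;
}

/** Builds the `{ message }` JSON error response with the given HTTP status. */
function errorResponse(message: string, status: number): NextResponse {
  return NextResponse.json({ message }, { status });
}

/**
 * Narrows a body field to a value that can safely be used in a lookup filter.
 *
 * Only strings and numbers are accepted (objects/arrays from a crafted JSON
 * body are rejected); falsy values (`''`, `0`, `NaN`) are treated as missing,
 * which matches the `!value` checks the handler has always applied.
 */
function lookupValue(value: unknown): string | number | undefined {
  if (typeof value === 'string' || typeof value === 'number') {
    return value || undefined;
  }
  return undefined;
}

/**
 * Authenticates a user and sets the `user_session` cookie.
 *
 * Expects a JSON body with `role` (`'pimpinan'` or `'admin'`), `password`, and
 * either `nip` (pimpinan) or `username` (admin). A pimpinan login matches rows
 * whose `role_user` is `ketuajurusan` or `ketuaprodi`; an admin login matches
 * `role_user = 'admin'`. The stored bcrypt hash is compared with the supplied
 * password.
 *
 * @param request - incoming request; the body is untrusted client input.
 * @returns 200 with `{ message, user }` (password stripped) plus the session
 *   cookie on success; 400 for missing/invalid fields; 401 when no matching
 *   user exists or the password does not match; 500 on database or unexpected
 *   errors (including a body that is not valid JSON).
 */
export async function POST(request: NextRequest): Promise<NextResponse> {
  try {
    const body = (await request.json()) as LoginBody;

    // bcrypt.compare requires a string; anything else (or an empty string) is
    // rejected here instead of surfacing as a thrown "Illegal arguments" 500.
    const password =
      typeof body.password === 'string' && body.password !== '' ? body.password : undefined;
    const role = body.role;

    // Validate required fields
    if (!password || !role) {
      return errorResponse('Password dan role diperlukan', 400);
    }

    // Validate role (narrows `role` to LoginRole)
    if (role !== 'pimpinan' && role !== 'admin') {
      return errorResponse('Role tidak valid', 400);
    }
    const loginRole: LoginRole = role;

    let query = supabase.from('user_app').select('*');

    // Add the role-specific identifier filter
    if (loginRole === 'pimpinan') {
      const nip = lookupValue(body.nip);
      if (!nip) {
        return errorResponse('NIP diperlukan untuk Pimpinan', 400);
      }
      // Pimpinan login covers users whose role_user is ketuajurusan OR ketuaprodi
      query = query.in('role_user', ['ketuajurusan', 'ketuaprodi']).eq('nip', nip);
    } else {
      const username = lookupValue(body.username);
      if (!username) {
        return errorResponse('Username diperlukan untuk Admin', 400);
      }
      query = query.eq('role_user', 'admin').eq('username', username);
    }

    const { data: users, error } = await query;

    if (error) {
      console.error('Database error:', error);
      return errorResponse('Internal Server Error', 500);
    }

    // NOTE(security): the distinct "user not found" / "wrong password" messages
    // (and the fact that bcrypt only runs when a row exists) let a client tell
    // which identifiers are valid. Returning one generic 401 for both cases
    // would close that; kept as-is because the messages are client-facing.
    const user = users?.[0];
    if (!user) {
      return errorResponse('User tidak ditemukan', 401);
    }

    // Verify password. A row without a usable hash is treated as a failed
    // login rather than letting bcrypt throw and turn it into a 500.
    const storedHash: unknown = user.password;
    const isPasswordValid =
      typeof storedHash === 'string' && (await bcrypt.compare(password, storedHash));
    if (!isPasswordValid) {
      return errorResponse('Password salah', 401);
    }

    // Return user data (without password)
    const { password: _, ...userWithoutPassword } = user;

    // Create response with session cookie
    const response = NextResponse.json({
      message: 'Login berhasil',
      user: userWithoutPassword,
    });

    // Set session cookie.
    // NOTE(security): the cookie value is the plain JSON of the user row,
    // including `role_user`, with no signature or server-side session id. It is
    // httpOnly, so scripts cannot read it, but anything that later trusts the
    // role inside the cookie is trusting a client-editable value. Consumers of
    // `user_session` should re-check the user against the database (or the
    // cookie should carry a signed/opaque token); the format is unchanged here
    // because other code parses this cookie as JSON.
    response.cookies.set('user_session', JSON.stringify(userWithoutPassword), {
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production',
      sameSite: 'lax',
      maxAge: 24 * 60 * 60, // 24 hours
      path: '/',
    });

    return response;
  } catch (error: unknown) {
    console.error('Login error:', error);
    return errorResponse('Internal Server Error', 500);
  }
}

/**
 * Handles CORS preflight for this route.
 *
 * NOTE(security): `Access-Control-Allow-Origin: *` cannot be combined with
 * credentials, so browsers will not send the `user_session` cookie on
 * cross-origin requests; if cross-origin login is actually required, the
 * origin must be an explicit allow-list and the POST response must also
 * carry matching CORS headers (it currently sets none).
 *
 * @returns an empty JSON body with permissive CORS headers.
 */
export async function OPTIONS(): Promise<NextResponse> {
  return NextResponse.json(
    {},
    {
      headers: {
        'Access-Control-Allow-Origin': '*',
        'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
        'Access-Control-Allow-Headers': 'Content-Type, Authorization',
      },
    },
  );
}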