import { NextRequest, NextResponse } from "next/server";
import bcrypt from "bcryptjs";
import { db } from "@/lib/db";

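/**
 * Tester-mode login.
 *
 * Expects a JSON body `{ password: string }`. When the `tester_mode` site
 * setting is "true", the password is checked against the bcrypt hash stored
 * in the `tester_password` setting and, on success, the `kc_tester` cookie is
 * set to the value of the `tester_token` setting so later requests can be
 * admitted without re-entering the password.
 *
 * Responses:
 *  - 400 `Password required.` — body has no non-empty string `password`
 *    (this check runs before the mode lookup, so a password is required
 *    even while the gate is off)
 *  - 200 `{ ok: true }` without a cookie — `tester_mode` is not "true"
 *    (the gate is disabled, so every caller is let through)
 *  - 400 `Tester password not configured.` — hash or token setting is empty
 *  - 401 `Incorrect password.` — bcrypt.compare rejected the password
 *  - 200 `{ ok: true }` with the cookie — password accepted
 *
 * NOTE(review): the cookie value is the shared `tester_token` itself, so all
 * testers carry the same bearer secret; rotating the setting logs everyone
 * out, and a leaked cookie stays valid until then. There is no brute-force
 * protection on the password check in this handler — put a rate limiter in
 * front of this route; an in-memory counter here would not survive a
 * serverless cold start.
 */
export async function POST(req: NextRequest) {
  const password = await readPassword(req);

  if (password === "") {
    return reject("Password required.", 400);
  }

  const [modeSetting, hashSetting, tokenSetting] = await Promise.all([
    db.siteSetting.findFirst({ where: { key: "tester_mode" } }),
    db.siteSetting.findFirst({ where: { key: "tester_password" } }),
    db.siteSetting.findFirst({ where: { key: "tester_token" } }),
  ]);

  // Gate disabled: admit everyone and issue no cookie.
  if (modeSetting?.value !== "true") {
    return NextResponse.json({ ok: true });
  }

  const hash = hashSetting?.value;
  const token = tokenSetting?.value;
  if (!hash || !token) {
    return reject("Tester password not configured.", 400);
  }

  const valid = await bcrypt.compare(password, hash);
  if (!valid) {
    return reject("Incorrect password.", 401);
  }

  const res = NextResponse.json({ ok: true });
  res.cookies.set("kc_tester", token, {
    httpOnly: true, // not readable by page scripts
    secure: process.env.NODE_ENV === "production", // plain HTTP only outside production
    sameSite: "lax",
    maxAge: 60 * 60 * 24 * 30, // 30 days
    path: "/",
  });
  return res;
}

/**
 * Extract the `password` field from the request's JSON body.
 *
 * Returns "" when the body is missing, not valid JSON, not an object
 * (e.g. the JSON literal `null`, which would otherwise throw on property
 * access and surface as a 500), or when `password` is not a string.
 */
async function readPassword(req: NextRequest): Promise<string> {
  const body: unknown = await req.json().catch(() => undefined);
  if (typeof body !== "object" || body === null) {
    return "";
  }
  // Runtime check above guarantees an object; only the one field is read.
  const candidate = (body as { password?: unknown }).password;
  return typeof candidate === "string" ? candidate : "";
}

/** Build the `{ ok: false, error }` JSON response with the given HTTP status. */
function reject(error: string, status: number) {
  return NextResponse.json({ ok: false, error }, { status });
}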

// Clear tester cookie (logout from tester mode)
/**
 * Tester-mode logout: expire the `kc_tester` cookie.
 *
 * Re-sets the cookie to an empty value with `maxAge: 0` on the same path it
 * was issued on (`/`). Always responds 200 `{ ok: true }`; nothing is
 * touched server-side, because the cookie carries the shared tester token
 * rather than a per-session record that would need revoking.
 *
 * NOTE(review): browsers match a cookie for removal by name, domain and
 * path, so the httpOnly/secure/sameSite attributes used when it was set do
 * not have to be repeated here.
 */
export async function DELETE() {
  const expired = { maxAge: 0, path: "/" };
  const res = NextResponse.json({ ok: true });
  res.cookies.set("kc_tester", "", expired);
  return res;
}
