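import { NextRequest, NextResponse } from 'next/server';
import { cookies } from 'next/headers';

// Keycloak location. NEXT_PUBLIC_* variables are also exposed to client bundles by
// Next.js, so these values must never carry secrets; they are only an issuer URL and realm.
const KEYCLOAK_URL = process.env.NEXT_PUBLIC_KEYCLOAK_URL || 'https://security.lions.dev';
const KEYCLOAK_REALM = process.env.NEXT_PUBLIC_KEYCLOAK_REALM || 'btpxpress';

// OpenID Connect userinfo endpoint of the configured realm.
const USERINFO_ENDPOINT = `${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/userinfo`;

// Every response from this route is specific to the caller's session, so shared or
// browser caches must not store it.
const NO_STORE_HEADERS: Record<string, string> = { 'Cache-Control': 'no-store' };

/**
 * Returns the identity of the currently signed-in user.
 *
 * Reads the `access_token` cookie, presents it as a Bearer token to the Keycloak
 * userinfo endpoint and relays the resulting claims to the caller.
 *
 * @param request - Incoming request (not read; the token comes from the cookie store).
 * @returns JSON `{ authenticated: true, user }` on success; otherwise
 *   `{ authenticated: false, error }` with status 401 (no token, or token rejected by
 *   Keycloak), the upstream status (other Keycloak failures) or 500 (unexpected error).
 */
export async function GET(request: NextRequest) {
  console.log('👀 Userinfo API called');

  try {
    const cookieStore = await cookies();
    const accessToken = cookieStore.get('access_token')?.value;

    if (!accessToken) {
      console.error('❌ No access token found');
      return NextResponse.json(
        { error: 'Non authentifié', authenticated: false },
        { status: 401, headers: NO_STORE_HEADERS }
      );
    }

    console.log('✅ Access token found, fetching user info from Keycloak');

    // Fetch the user information from Keycloak. `no-store` keeps the framework's data
    // cache out of the path so every call is validated against the identity provider.
    const userinfoResponse = await fetch(USERINFO_ENDPOINT, {
      method: 'GET',
      headers: {
        'Authorization': `Bearer ${accessToken}`,
        'Content-Type': 'application/json',
      },
      cache: 'no-store',
    });

    if (!userinfoResponse.ok) {
      // The upstream body is written to the server log only; it is never sent to the client.
      const errorText = await userinfoResponse.text();
      console.error('❌ Keycloak userinfo failed:', userinfoResponse.status, errorText);

      // The token is invalid or expired.
      if (userinfoResponse.status === 401) {
        // Drop every session cookie so the browser stops presenting rejected tokens.
        cookieStore.delete('access_token');
        cookieStore.delete('refresh_token');
        cookieStore.delete('id_token');
        cookieStore.delete('token_expires_at');

        return NextResponse.json(
          { error: 'Token expiré ou invalide', authenticated: false },
          { status: 401, headers: NO_STORE_HEADERS }
        );
      }

      return NextResponse.json(
        {
          error: 'Erreur lors de la récupération des informations utilisateur',
          authenticated: false,
        },
        { status: userinfoResponse.status, headers: NO_STORE_HEADERS }
      );
    }

    const userinfo = await userinfoResponse.json();
    // NOTE(review): this writes a user identifier to the server log; confirm that fits
    // the log-retention policy.
    console.log('✅ User info retrieved:', userinfo.preferred_username || userinfo.sub);

    // NOTE(review): the whole claims object is relayed to the browser. If the realm maps
    // internal attributes into userinfo, consider allow-listing the fields the UI needs.
    return NextResponse.json(
      {
        authenticated: true,
        user: userinfo,
      },
      { headers: NO_STORE_HEADERS }
    );
  } catch (error) {
    // Full details stay in the server log.
    console.error('❌ Error in userinfo API:', error);

    // The `message` field is kept for response-shape compatibility, but it no longer
    // echoes `error.message`: internal error text (hostnames, network failures, parser
    // errors) should not be disclosed to the client.
    return NextResponse.json(
      {
        error: 'Erreur serveur',
        authenticated: false,
        message: 'Erreur inconnue',
      },
      { status: 500, headers: NO_STORE_HEADERS }
    );
  }
}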