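import { NextRequest, NextResponse } from 'next/server';
import { cookies } from 'next/headers';

// Identity-provider and application endpoints. Each value comes from the
// environment and falls back to a hard-coded host when the variable is unset
// or empty, so a misconfigured deployment redirects to these defaults.
const KEYCLOAK_URL = process.env.NEXT_PUBLIC_KEYCLOAK_URL || 'https://security.lions.dev';
const KEYCLOAK_REALM = process.env.NEXT_PUBLIC_KEYCLOAK_REALM || 'btpxpress';
const CLIENT_ID = process.env.NEXT_PUBLIC_KEYCLOAK_CLIENT_ID || 'btpxpress-frontend';
const POST_LOGOUT_REDIRECT_URI = process.env.NEXT_PUBLIC_APP_URL || 'https://btpxpress.lions.dev';

// Cookies that hold the session's authentication state, in deletion order.
const AUTH_COOKIE_NAMES = ['access_token', 'refresh_token', 'id_token', 'token_expires_at'] as const;

/**
 * Clears the authentication cookies and builds the logout redirect.
 *
 * When an `id_token` cookie is present, the redirect targets the Keycloak
 * OpenID Connect logout endpoint with `client_id`, `post_logout_redirect_uri`
 * and `id_token_hint` in the query string. Otherwise it targets the
 * application URL directly; in that branch only the local cookies are
 * cleared and nothing is sent to Keycloak.
 *
 * @param redirectStatus HTTP status for the redirect. 307 keeps the request
 *   method, 303 makes the client follow up with GET.
 * @returns The redirect response.
 */
function performLogout(redirectStatus: 303 | 307): NextResponse {
  console.log('🚪 Logout API called');

  const cookieStore = cookies();

  // Read the id_token before the cookies are deleted; it is needed as the
  // id_token_hint for the Keycloak logout request.
  const idToken = cookieStore.get('id_token')?.value;

  // Delete every authentication cookie.
  // NOTE(review): deletion is by name only; this assumes the cookies were set
  // with the default path/domain. Confirm against the code that sets them.
  for (const cookieName of AUTH_COOKIE_NAMES) {
    cookieStore.delete(cookieName);
  }

  console.log('✅ Authentication cookies deleted');

  // With an id_token, end the session at Keycloak as well.
  if (idToken) {
    const logoutUrl = new URL(
      `${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/logout`
    );
    logoutUrl.searchParams.set('client_id', CLIENT_ID);
    logoutUrl.searchParams.set('post_logout_redirect_uri', POST_LOGOUT_REDIRECT_URI);
    // The raw id_token travels in the redirect URL, so it can end up in
    // browser history and in proxy or server access logs.
    logoutUrl.searchParams.set('id_token_hint', idToken);

    console.log('✅ Redirecting to Keycloak logout');
    return NextResponse.redirect(logoutUrl.toString(), redirectStatus);
  }

  // Without an id_token, go straight to the home page.
  console.log('✅ Redirecting to home page');
  return NextResponse.redirect(POST_LOGOUT_REDIRECT_URI, redirectStatus);
}

/**
 * Logout via GET: clears the authentication cookies and redirects with 307.
 *
 * NOTE(review): because this state-changing action is reachable with GET, a
 * cross-site link or embedded resource pointing at this route will end the
 * user's session. Prefer the POST handler from the UI if GET can be retired.
 *
 * @param request Incoming request (not read).
 * @returns Redirect to the Keycloak logout endpoint or to the application URL.
 */
export async function GET(request: NextRequest): Promise<NextResponse> {
  return performLogout(307);
}

/**
 * Logout via POST: same logic as GET, but redirects with 303 See Other.
 *
 * A 307 redirect would make the client replay the POST (method and body)
 * against the redirect target, while the logout parameters are carried in the
 * query string and the fallback target is the home page. 303 turns the
 * follow-up request into a GET.
 *
 * @param request Incoming request (not read).
 * @returns Redirect to the Keycloak logout endpoint or to the application URL.
 */
export async function POST(request: NextRequest): Promise<NextResponse> {
  return performLogout(303);
}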