// POST /api/admin/impersonate (form field `userId`): takes over another user's session
// (the Better Auth admin plugin handles `impersonatedBy` automatically).
// POST /api/admin/impersonate/stop: returns to the original admin session.

import { NextResponse, type NextRequest } from "next/server";
import { headers } from "next/headers";
import { auth } from "@/lib/auth";
import { requireAdmin } from "@/lib/auth/server";

/**
 * Resolves the absolute base URL used to build this route's redirects.
 *
 * Returns the trimmed `BETTER_AUTH_URL` environment variable when it is set
 * and non-empty; otherwise falls back to the origin of the incoming request.
 *
 * NOTE(review): the fallback comes from the request itself (presumably the
 * Host / forwarded headers, depending on the deployment). Setting
 * `BETTER_AUTH_URL` in every environment keeps redirect targets independent of
 * request-supplied values. Confirm it is set in production.
 *
 * @param request - Incoming request, consulted only for the fallback origin.
 * @returns The base URL string passed as the second argument to `new URL()`.
 */
function redirectBase(request: NextRequest): string {
  const configured = process.env.BETTER_AUTH_URL?.trim();
  if (configured) {
    return configured;
  }
  return request.nextUrl.origin;
}

/**
 * Starts an impersonation session for the user named in the submitted form.
 *
 * Flow: await `requireAdmin()`, read `userId` from the form body, call
 * `auth.api.impersonateUser` with the incoming request headers, then answer
 * with a 303 redirect (to `/portail` on success, to the clients page with
 * `impersonate=error` on failure). A missing or non-string `userId` yields a
 * 400 JSON response.
 *
 * NOTE(review): this handler performs no Origin or CSRF-token check of its
 * own. For this state-changing admin action, protection relies on the session
 * cookie attributes and on whatever `requireAdmin()` enforces. Confirm both.
 *
 * NOTE(review): the result of `impersonateUser` is discarded, so the new
 * session cookie only reaches the browser if the auth configuration forwards
 * Set-Cookie from server-side API calls (e.g. Better Auth's `nextCookies`
 * plugin). Verify in `@/lib/auth`.
 *
 * NOTE(review): only failures are logged here. A successful impersonation
 * leaves no log line in this handler, so the audit trail depends on what the
 * admin plugin records (`impersonatedBy`). Consider an explicit audit entry.
 *
 * @param request - Form POST carrying a `userId` field.
 * @returns A 400 JSON error, or a 303 redirect.
 */
export async function POST(request: NextRequest) {
  // Authorization gate runs before any input is read. Presumably it throws or
  // redirects for non-admin callers; verify in `@/lib/auth/server`.
  await requireAdmin();

  // 303 makes the browser follow the redirect with a GET after the form POST.
  const seeOther = (path: string) =>
    NextResponse.redirect(new URL(path, redirectBase(request)), { status: 303 });

  // A body that cannot be parsed as form data is treated like a missing field.
  const form = await request.formData().catch(() => null);
  const targetId = form?.get("userId");

  // Form values are string, File or null: accept only a non-empty string.
  if (typeof targetId !== "string" || targetId === "") {
    return NextResponse.json({ error: "userId requis" }, { status: 400 });
  }

  try {
    // Forward the caller's headers so the auth API can resolve the admin session.
    const incomingHeaders = await headers();
    await auth.api.impersonateUser({
      body: { userId: targetId },
      headers: incomingHeaders,
    });
  } catch (error) {
    // Details stay in the server log; the browser only sees a generic flag.
    console.error("[impersonate] failed", error);
    return seeOther("/atelier-novelia/clients?impersonate=error");
  }

  return seeOther("/portail");
}
