// GET /api/google/oauth/callback
// Recoit le code OAuth de Google, le valide contre le state cookie,
// echange contre des tokens et persiste en DB.

import { NextResponse, type NextRequest } from "next/server";
import { cookies } from "next/headers";
import { requireAdmin } from "@/lib/auth/server";
import { exchangeCodeAndPersist } from "@/lib/google-oauth";

const STATE_COOKIE = "novelia_google_oauth_state";

// Construit l'URL publique des integrations en passant par BETTER_AUTH_URL
// plutot que `request.url` : derriere le reverse proxy, request.url herite
// du HOSTNAME interne du conteneur (0.0.0.0:3000), pas du domaine externe.
function settingsUrl(request: NextRequest, params?: Record<string, string>) {
  const base = process.env.BETTER_AUTH_URL?.trim() || request.nextUrl.origin;
  const url = new URL("/atelier-novelia/parametres/integrations", base);
  if (params) for (const [k, v] of Object.entries(params)) url.searchParams.set(k, v);
  return url;
}

export async function GET(request: NextRequest) {
  const session = await requireAdmin();

  const { searchParams } = request.nextUrl;
  const code = searchParams.get("code");
  const state = searchParams.get("state");
  const error = searchParams.get("error");

  const cookieStore = await cookies();
  const expectedState = cookieStore.get(STATE_COOKIE)?.value;
  cookieStore.delete(STATE_COOKIE);

  if (error) {
    return NextResponse.redirect(settingsUrl(request, { google: "error", reason: error }));
  }
  if (!code) {
    return NextResponse.redirect(settingsUrl(request, { google: "error", reason: "no_code" }));
  }
  if (!state || !expectedState || state !== expectedState) {
    return NextResponse.redirect(settingsUrl(request, { google: "error", reason: "bad_state" }));
  }

  try {
    const { email } = await exchangeCodeAndPersist(code, session.user.id);
    return NextResponse.redirect(
      settingsUrl(request, { google: "connected", email: email ?? "" }),
    );
  } catch (err) {
    console.error("[oauth callback] exchange failed", err);
    const msg = err instanceof Error ? err.message : "unknown";
    return NextResponse.redirect(
      settingsUrl(request, { google: "error", reason: msg.slice(0, 200) }),
    );
  }
}