import type { Metadata } from "next";
import Link from "next/link";
import { eq } from "drizzle-orm";
import { db, schema } from "@/lib/db";
import { verifyPasswordResetToken } from "@/lib/auth-tokens";
import SetPasswordForm from "./SetPasswordForm";

export const metadata: Metadata = {
  title: "Définir mon mot de passe",
  robots: { index: false, follow: false },
};

export default async function SetPasswordPage({
  searchParams,
}: {
  searchParams: Promise<{ token?: string; uid?: string }>;
}) {
  const { token, uid } = await searchParams;

  // Valide le token côté server avant d'afficher le form
  const isValid =
    typeof token === "string" &&
    typeof uid === "string" &&
    token.length > 10 &&
    uid.length > 0 &&
    (await verifyPasswordResetToken(uid, token));

  let userEmail: string | null = null;
  if (isValid && uid) {
    const u = (
      await db
        .select({ email: schema.user.email })
        .from(schema.user)
        .where(eq(schema.user.id, uid))
        .limit(1)
    )[0];
    userEmail = u?.email ?? null;
  }

  return (
    <main className="min-h-screen flex items-center justify-center px-6 py-20 bg-background">
      <div className="w-full max-w-md">
        <div className="text-center mb-12">
          <h1 className="font-serif font-bold text-3xl tracking-tighter text-primary mb-3">
            Socialex
          </h1>
          <p className="eyebrow">Définir votre mot de passe</p>
        </div>

        <div className="bg-white border border-outline-variant p-10">
          {!isValid || !uid || !token ? (
            <InvalidTokenView />
          ) : (
            <SetPasswordForm
              userId={uid}
              token={token}
              email={userEmail ?? ""}
            />
          )}
        </div>

        <p className="text-xs text-on-surface-variant text-center mt-8">
          <Link
            href="/login"
            className="underline hover:text-primary transition-colors"
          >
            Retour à la connexion
          </Link>
        </p>
      </div>
    </main>
  );
}

function InvalidTokenView() {
  return (
    <div className="space-y-6 text-center py-4">
      <p className="font-serif text-xl text-primary">Lien invalide ou expiré</p>
      <p className="text-sm text-on-surface-variant">
        Ce lien n'est plus valable. Demandez un nouveau lien depuis la page de
        connexion.
      </p>
      <Link
        href="/forgot-password"
        className="btn btn-primary inline-block w-full"
      >
        Demander un nouveau lien
      </Link>
    </div>
  );
}