import { NextRequest, NextResponse } from "next/server";
import { getServerSession } from "@/lib/auth";
import { db } from "@/lib/db";
import { images } from "@/lib/db/schema";
import { writeFile, mkdir, unlink } from "fs/promises";
import path from "path";
import { v4 as uuidv4 } from "uuid";
import { eq } from "drizzle-orm";

const UPLOAD_DIR = path.join(process.cwd(), "public", "uploads", "images");

const ALLOWED_TYPES = ["image/png", "image/jpeg", "image/gif", "image/webp"];
const MAX_SIZE = 5 * 1024 * 1024;

export async function GET() {
  const session = await getServerSession();
  if (!session || !session.isAdmin) {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }
  try {
    const all = db.select().from(images).orderBy(images.createdAt).all();
    const list = all.map(i => ({
      id: i.id,
      originalName: i.originalName,
      url: `/uploads/images/${i.storedFilename}`,
      mimeType: i.mimeType,
      fileSize: i.fileSize,
    }));
    return NextResponse.json({ images: list });
  } catch {
    return NextResponse.json({ images: [] });
  }
}

export async function POST(req: NextRequest) {
  const session = await getServerSession();
  if (!session || !session.isAdmin) {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }
  try {
    const formData = await req.formData();
    const files = formData.getAll("files") as File[];
    if (!files.length) return NextResponse.json({ error: "No files" }, { status: 400 });

    await mkdir(UPLOAD_DIR, { recursive: true });
    const results: { url: string; originalName: string; mimeType: string; fileSize: number }[] = [];

    for (const file of files) {
      if (!ALLOWED_TYPES.includes(file.type)) continue;
      if (file.size > MAX_SIZE) continue;

      const ext = path.extname(file.name) || ".png";
      const filename = `${uuidv4()}${ext}`;
      const filepath = path.join(UPLOAD_DIR, filename);
      const bytes = await file.arrayBuffer();
      await writeFile(filepath, Buffer.from(bytes));

      const id = uuidv4();
      db.insert(images).values({
        id,
        originalName: file.name,
        storedFilename: filename,
        mimeType: file.type,
        fileSize: file.size,
        uploadedBy: session.id,
        createdAt: new Date().toISOString(),
      }).run();

      results.push({ url: `/uploads/images/${filename}`, originalName: file.name, mimeType: file.type, fileSize: file.size });
    }

    return NextResponse.json({ images: results });
  } catch {
    return NextResponse.json({ error: "Upload failed" }, { status: 500 });
  }
}

export async function DELETE(req: NextRequest) {
  const session = await getServerSession();
  if (!session || !session.isAdmin) {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }
  const filename = req.nextUrl.searchParams.get("filename");
  if (!filename) return NextResponse.json({ error: "No filename" }, { status: 400 });
  try {
    const filepath = path.join(UPLOAD_DIR, filename);
    await unlink(filepath).catch(() => {});
    db.delete(images).where(eq(images.storedFilename, filename)).run();
    return NextResponse.json({ success: true });
  } catch {
    return NextResponse.json({ error: "Delete failed" }, { status: 500 });
  }
}