import { cookies } from 'next/headers'
import { NextRequest } from 'next/server'
import pool from './db'
import { PortalUser } from './types'

// Name of the cookie that carries the raw session token; read by
// getSessionFromRequest and getSessionFromCookies.
export const SESSION_COOKIE = 'adm_session'
// Session lifetime in hours. createSession derives expires_at from it once, at creation;
// no renewal or sliding expiry is visible in this file.
const SESSION_DURATION_HOURS = 8

/**
 * Returns the hex-encoded SHA-256 digest of a session token.
 *
 * The functions in this file store and look up this digest instead of the raw token,
 * so reading `portal_sessions` does not directly yield usable tokens. The hash is
 * unsalted and fast, which is acceptable only for high-entropy random tokens such as
 * those built by `createSession`; it is not a password hash.
 *
 * @param token - Raw session token.
 * @returns Lowercase hexadecimal SHA-256 digest (64 characters).
 */
function hashToken(token: string): string {
  // Node's `crypto` module is loaded at call time and used synchronously.
  // NOTE(review): this is `crypto.createHash`, not Web Crypto, so it presumably needs
  // the Node.js runtime rather than Edge — confirm where this module is imported.
  const nodeCrypto = require('crypto')
  const hasher = nodeCrypto.createHash('sha256')
  hasher.update(token)
  return hasher.digest('hex')
}

/**
 * Creates a session row for a user and returns the raw session token.
 *
 * Only the SHA-256 digest of the token is written to `portal_sessions`; the raw value
 * exists solely in the return value, so callers should hand it to the client once and
 * keep it out of logs and storage.
 *
 * @param userId - Id stored in the `user_id` column of the new row.
 * @returns The raw token: two UUIDs with the dashes removed, concatenated (64 hex characters).
 */
export async function createSession(userId: string): Promise<string> {
  const { randomUUID } = require('crypto')
  // Each v4 UUID carries fixed version/variant bits, so the 64 hex characters hold
  // roughly 244 random bits rather than a full 256.
  const uuidHex = (): string => randomUUID().replace(/-/g, '')
  const token = uuidHex() + uuidHex()

  // Expiry is computed from the application clock at creation time.
  const lifetimeMs = SESSION_DURATION_HOURS * 60 * 60 * 1000
  const expiresAt = new Date(Date.now() + lifetimeMs)
  const tokenHash = hashToken(token)

  const insertSql =
    'INSERT INTO portal_sessions (user_id, token_hash, expires_at) VALUES (?, ?, ?)'
  await pool.execute(insertSql, [userId, tokenHash, expiresAt])

  return token
}

/**
 * Resolves a raw session token to the user that owns it.
 *
 * The token is hashed and matched against `portal_sessions.token_hash`. A row is
 * returned only when the session has not expired and the user's status is 'active'.
 * Expired rows are filtered out by the query, not deleted.
 *
 * @param token - Raw session token as presented by the client.
 * @returns The matching user row, or `null` when no valid session exists.
 */
export async function getSessionUser(token: string): Promise<PortalUser | null> {
  // NOTE(review): `u.*` returns every column of portal_users. If that table holds
  // credential material (e.g. a password hash), it travels with the returned object —
  // confirm callers never serialise this value to the client as-is.
  // NOTE(review): expiry is checked against the database clock (NOW()), while
  // createSession derives expires_at from the application clock — confirm the driver's
  // Date/timezone handling agrees with the database session time zone.
  const lookupSql = `SELECT u.* FROM portal_users u
     INNER JOIN portal_sessions s ON s.user_id = u.id
     WHERE s.token_hash = ? AND s.expires_at > NOW() AND u.status = 'active'
     LIMIT 1`
  const lookupParams = [hashToken(token)]

  const [matches] = await pool.execute<any[]>(lookupSql, lookupParams)
  const firstMatch = matches[0]
  return firstMatch ?? null
}

/**
 * Deletes the session row whose stored hash matches the given raw token.
 *
 * Only that one session is removed; any other sessions of the same user are untouched.
 *
 * @param token - Raw session token to invalidate.
 */
export async function deleteSession(token: string): Promise<void> {
  const deleteSql = 'DELETE FROM portal_sessions WHERE token_hash = ?'
  const deleteParams = [hashToken(token)]
  await pool.execute(deleteSql, deleteParams)
}

/**
 * Resolves the session user for an incoming request.
 *
 * Lookup order:
 * 1. `Authorization: Bearer <token>` header, for clients where cross-origin cookies
 *    are not available.
 * 2. The session cookie named by `SESSION_COOKIE`.
 *
 * A non-empty Bearer token takes precedence: the cookie is not consulted even when
 * that token turns out to be invalid. The scheme match is case-sensitive and only
 * the exact prefix 'Bearer ' is recognised.
 *
 * @param req - Incoming Next.js request.
 * @returns The session user, or `null` when no valid session token is presented.
 */
export async function getSessionFromRequest(req: NextRequest): Promise<PortalUser | null> {
  // NOTE(review): the same token is accepted from a header and from a cookie. The
  // cookie path needs CSRF protection on state-changing routes, and the header path
  // implies the token is readable by client script — confirm both are handled where
  // the token is issued.
  const bearerPrefix = 'Bearer '
  const authorization = req.headers.get('authorization')
  const bearerToken = authorization?.startsWith(bearerPrefix)
    ? authorization.slice(bearerPrefix.length)
    : ''
  if (bearerToken) {
    return getSessionUser(bearerToken)
  }

  // Fallback: session cookie (the original author describes it as httpOnly).
  const cookieToken = req.cookies.get(SESSION_COOKIE)?.value
  return cookieToken ? getSessionUser(cookieToken) : null
}

/**
 * Resolves the session user from the cookie store of the current request context.
 *
 * Unlike `getSessionFromRequest`, this reads only the `SESSION_COOKIE` cookie and
 * never looks at the Authorization header.
 *
 * @returns The session user, or `null` when the cookie is missing or empty, or no
 *          valid session matches it.
 */
export async function getSessionFromCookies(): Promise<PortalUser | null> {
  const sessionToken = (await cookies()).get(SESSION_COOKIE)?.value
  return sessionToken ? getSessionUser(sessionToken) : null
}
