import { cookies } from 'next/headers'
import { NextRequest } from 'next/server'
import { getDb } from '@/server/db'
import { USER_AUTH_SQL } from '@/server/userAuthSql'

export const SESSION_ID_COOKIE = '_as'

/**
 * 從 cookie 取得目前登入的使用者 ID
 */
export async function getUserIdFromCookie(): Promise<string | null> {
    const jar = cookies()
    const sessionId = jar.get(SESSION_ID_COOKIE)?.value

    if (!sessionId) {
        return null
    }

    try {
        const db = await getDb()
        const session = await db.get<{ userId: string }>(
            USER_AUTH_SQL.selectSessionUserId,
            [sessionId]
        )

        return session?.userId || null
    } catch (error) {
        console.error('Failed to get user ID from session:', error)
        return null
    }
}

/**
 * 從 request 取得目前登入的使用者 ID
 */
export async function getUserIdFromRequest(request: NextRequest): Promise<string | null> {
    const sessionId = request.cookies.get(SESSION_ID_COOKIE)?.value

    if (!sessionId) {
        return null
    }

    try {
        const db = await getDb()
        const session = await db.get<{ userId: string }>(
            USER_AUTH_SQL.selectSessionUserId,
            [sessionId]
        )

        return session?.userId || null
    } catch (error) {
        console.error('Failed to get user ID from session:', error)
        return null
    }
}

/**
 * 驗證 session 是否存在於資料庫中
 * 如果 session 不存在，返回 null
 */
export async function validateSession(request: NextRequest): Promise<string | null> {
    const sessionId = request.cookies.get(SESSION_ID_COOKIE)?.value

    if (!sessionId) {
        return null
    }

    try {
        const db = await getDb()
        const session = await db.get<{ userId: string }>(
            USER_AUTH_SQL.selectSessionUserId,
            [sessionId]
        )

        return session?.userId || null
    } catch (error) {
        console.error('Failed to validate session:', error)
        return null
    }
}

/**
 * 設置使用者 session cookie（只儲存 session ID，不儲存使用者 ID）
 */
export function setUserSession(userId: string, sessionId: string) {
    const jar = cookies()
    jar.set(SESSION_ID_COOKIE, sessionId, {
        path: '/',
        httpOnly: true,
        sameSite: 'lax',
        secure: process.env.NODE_ENV === 'production',
        maxAge: 60 * 60 * 24 * 30,
    })
}

/**
 * 清除使用者 session
 */
export function clearUserSession() {
    const jar = cookies()
    jar.delete(SESSION_ID_COOKIE)
}

