import { NextRequest, NextResponse } from 'next/server'
import { getDb } from '@/server/db'
import { USER_AUTH_SQL } from '@/server/userAuthSql'
import { validateSession, SESSION_ID_COOKIE } from '../../_helpers/session'

export async function GET(request: NextRequest) {
    try {
        const userId = await validateSession(request)
        if (!userId) {
            return NextResponse.json(
                { ok: false, message: 'Unauthorized' },
                { status: 401 }
            )
        }

        const db = await getDb()
        const currentSessionId = request.cookies.get(SESSION_ID_COOKIE)?.value || ''
        const devices = await db.all<{
            id: string
            deviceType: string | null
            deviceName: string | null
            userAgent: string | null
            lastLoginAt: number
        }>( 
            USER_AUTH_SQL.listSessionsByUser,
            [userId]
        )
        return NextResponse.json({
            ok: true,
            devices: devices.map((d) => ({
                id: d.id,
                deviceType: d.deviceType || '-',
                deviceName: d.deviceName || '-',
                userAgent: d.userAgent || '-',
                lastLoginDate: d.lastLoginAt
                    ? new Date(d.lastLoginAt * 1000).toISOString()
                    : '',
                currentSession: d.id === currentSessionId,
            })),
        })
    } catch (error: any) {
        console.error('Failed to fetch login devices:', error)
        return NextResponse.json(
            { ok: false, message: error?.message || 'Failed to fetch login devices' },
            { status: 500 }
        )
    }
}

export async function DELETE(request: NextRequest) {
    try {
        const userId = await validateSession(request)
        if (!userId) {
            return NextResponse.json(
                { ok: false, message: 'Unauthorized' },
                { status: 401 }
            )
        }
        const body = await request.json()
        const { deviceId, all } = body
        const db = await getDb()
        const currentSessionId = request.cookies.get(SESSION_ID_COOKIE)?.value || ''
        if (all) {
            await db.run(USER_AUTH_SQL.deleteOtherSessions, [userId, currentSessionId])
        } else if (deviceId) {
            await db.run(USER_AUTH_SQL.deleteSessionByIdAndUser, [deviceId, userId])
            if (deviceId === currentSessionId) {
                const response = NextResponse.json({ ok: true })
                response.cookies.delete(SESSION_ID_COOKIE)
                return response
            }
        }
        return NextResponse.json({ ok: true })
    } catch (error: any) {
        console.error('Failed to delete login device:', error)
        return NextResponse.json(
            { ok: false, message: error?.message || 'Failed to delete login device' },
            { status: 500 }
        )
    }
}

