import { cookies, headers } from 'next/headers'
import { redirect } from 'next/navigation'
import { getDb } from '@/server/db'
import { USER_AUTH_SQL } from '@/server/userAuthSql'
import { buildLoginUrl, getAppOriginFromEnv, getAppOriginFromHeaders } from '@/lib/url/appUrl'

const SESSION_ID_COOKIE = '_as'

/**
 * 檢查使用者是否已登入，如果未登入則重定向到登入頁
 * 會驗證 session 是否存在於資料庫中，如果被踢掉會重定向到清除 session 的 API
 */
export async function requireAuth() {
    const jar = cookies()
    const sessionId = jar.get(SESSION_ID_COOKIE)?.value
    const appOrigin =
        getAppOriginFromEnv() || getAppOriginFromHeaders(headers())
    const settingsPath = '/my/profile'

    if (!sessionId) {
        redirect(buildLoginUrl(settingsPath, appOrigin))
    }
    try {
        const db = await getDb()
        const session = await db.get<{ userId: string }>(
            USER_AUTH_SQL.selectSessionUserId,
            [sessionId]
        )
        if (!session) {
            const clearPath = `/api/auth/clear-session?redirect=${encodeURIComponent(settingsPath)}`
            redirect(appOrigin ? `${appOrigin}${clearPath}` : clearPath)
        }
        return { userId: session.userId, sessionId }
    } catch (error) {
        console.error('Failed to validate session:', error)
        const clearPath = `/api/auth/clear-session?redirect=${encodeURIComponent(settingsPath)}`
        redirect(appOrigin ? `${appOrigin}${clearPath}` : clearPath)
    }
}

