import { NextResponse } from 'next/server'
import { sessionRepo } from '@/lib/database/repositories/session.repo'
import { runSessionCleanup } from '@/lib/session-cleanup'
import { modelRegistry } from '@/lib/engine/model-registry'
import { getSetting } from '@/lib/settings-store'
import crypto from 'crypto'
import { isAuthError, requireUser, requireWorkspaceReadAccess } from '@/lib/auth/session'

// GET /api/sessions — list all sessions
export async function GET(req: Request) {
  try {
    const user = await requireUser()
    // Auto-clean expired sessions on app load (throttled: max once per hour)
    runSessionCleanup()

    // ext_only 过滤参数（§8.2 owner 最近外部会话列表用）：
    // - ext_only=true  → 只看 H5 外部会话（ext_user_id 非空）
    // - ext_only=false → 排除外部会话（owner 日常列表隐藏 ext 用）
    // - 不传           → 全部（默认行为，含 H5 + 普通）
    const url = new URL(req.url)
    const extOnlyParam = url.searchParams.get('ext_only')
    const extOnly = extOnlyParam === 'true' ? true : extOnlyParam === 'false' ? false : undefined

    const rows = sessionRepo.listActiveByUser(user.id, extOnly !== undefined ? { extOnly } : undefined)
    const accessible = []
    for (const session of rows) {
      if (!session.workspace) {
        accessible.push(session)
        continue
      }
      try {
        await requireWorkspaceReadAccess(session.workspace)
        accessible.push(session)
      } catch (err) {
        if (isAuthError(err)) continue
        throw err
      }
    }
    return NextResponse.json(accessible)
  } catch (err) {
    if (isAuthError(err)) return err
    throw err
  }
}

// POST /api/sessions — create a new session
export async function POST(req: Request) {
  let user
  try {
    user = await requireUser()
  } catch (err) {
    if (isAuthError(err)) return err
    throw err
  }
  const body = await req.json()
  const id = crypto.randomUUID()
  const title = body.title || 'New Session'
  const workspace = body.workspace || ''
  const model = body.model || await modelRegistry.getDefaultModel(user.id, getSetting('default_model', user.id))

  if (workspace) {
    try { await requireWorkspaceReadAccess(workspace) } catch (err) { if (isAuthError(err)) return err; throw err }
  }
  const session = sessionRepo.create({ id, title, workspace, model, userId: user.id })
  return NextResponse.json(session, { status: 201 })
}
