import { NextRequest, NextResponse } from 'next/server'
import { webhookTokenRepo } from '@/lib/database/repositories/webhook-token.repo'
import crypto from 'crypto'
import { isAuthError, requireUser } from '@/lib/auth/session'

export async function GET() {
  let user
  try {
    user = await requireUser()
  } catch (err) {
    if (isAuthError(err)) return err
    throw err
  }
  const rows = webhookTokenRepo.listByOwner(user.id)

  // Only expose prefix of the token, never the full token after creation
  return NextResponse.json(
    rows.map((r) => ({
      id: r.id,
      name: r.name,
      prefix: r.token.slice(0, 8) + '...',
      enabled: r.enabled === 1,
      createdAt: r.createdAt,
      updatedAt: r.updatedAt,
    }))
  )
}

export async function POST(req: NextRequest) {
  let user
  try {
    user = await requireUser()
  } catch (err) {
    if (isAuthError(err)) return err
    throw err
  }
  const body = await req.json()
  const id = crypto.randomUUID()
  const token = 'wh_' + crypto.randomBytes(32).toString('hex')

  webhookTokenRepo.create({
    id,
    name: body.name || '',
    token,
    ownerUserId: user.id,
  })

  return NextResponse.json(
    {
      id,
      name: body.name || '',
      token, // full token returned ONLY at creation time
      enabled: true,
      createdAt: new Date().toISOString(),
    },
    { status: 201 }
  )
}
