import { NextRequest, NextResponse } from 'next/server'
import fs from 'fs'
import path from 'path'
import os from 'os'

function getWorkspacesRoot(): string {
    if (process.env.FORGE_WORKSPACES_ROOT) {
        return process.env.FORGE_WORKSPACES_ROOT
    }
    return path.join(os.homedir(), 'workspaces')
}

function isPathAllowed(targetPath: string): boolean {
    const resolved = path.resolve(targetPath)
    const root = getWorkspacesRoot()

    // Rule 1: Paths under workspaces root are always allowed
    if (resolved.startsWith(root)) return true

    // Rule 2: Common project directories on Linux servers
    const ALLOWED_PREFIXES = [
        os.homedir(),
        '/opt',
        '/srv',
        '/data',
        '/home',
        '/var/www',
        '/tmp',
    ]
    return ALLOWED_PREFIXES.some(p => resolved.startsWith(p))
}

function ensureWorkspacesRoot(): void {
    const root = getWorkspacesRoot()
    if (!fs.existsSync(root)) {
        fs.mkdirSync(root, { recursive: true })
        fs.writeFileSync(
            path.join(root, 'README.md'),
            '# Forge Workspaces\n\nThis is the default workspace root directory.\n' +
            'Each subfolder can be opened as a separate project workspace.\n\n' +
            'Example:\n```\n' + root + '/\n' +
            '  ├── my-backend/     ← Open as workspace\n' +
            '  ├── my-frontend/   ← Open as workspace\n' +
            '  └── shared-libs/   ← Open as workspace\n```\n'
        )
    }
}

function hasSubdirectories(dirPath: string): boolean {
    try {
        return fs.readdirSync(dirPath, { withFileTypes: true })
            .some(e => e.isDirectory())
    } catch {
        return false
    }
}

export async function GET(req: NextRequest) {
    const requestPath = req.nextUrl.searchParams.get('path') || ''
    const showHidden = req.nextUrl.searchParams.get('hidden') === 'true'

    // Empty path → return default workspaces root
    const dirPath = requestPath || getWorkspacesRoot()
    const resolved = path.resolve(dirPath)

    if (!isPathAllowed(resolved)) {
        return NextResponse.json({ error: 'Path not allowed' }, { status: 403 })
    }

    // Auto-create workspaces root if accessing it and it doesn't exist
    if (resolved === getWorkspacesRoot()) {
        ensureWorkspacesRoot()
    }

    if (!fs.existsSync(resolved)) {
        return NextResponse.json({ error: 'Path does not exist' }, { status: 404 })
    }

    try {
        fs.statSync(resolved)
    } catch {
        return NextResponse.json({ error: 'Permission denied' }, { status: 403 })
    }

    if (!fs.statSync(resolved).isDirectory()) {
        return NextResponse.json({ error: 'Not a directory' }, { status: 400 })
    }

    try {
        const entries = fs.readdirSync(resolved, { withFileTypes: true })

        const directories = entries
            .filter(e => e.isDirectory())
            .filter(e => showHidden || !e.name.startsWith('.'))
            .sort((a, b) => a.name.localeCompare(b.name))
            .map(e => ({
                name: e.name,
                path: path.join(resolved, e.name),
                hasSubDirs: hasSubdirectories(path.join(resolved, e.name)),
            }))

        const parent = path.dirname(resolved)

        return NextResponse.json({
            path: resolved,
            parent: parent !== resolved ? parent : null,
            isWorkspacesRoot: resolved === getWorkspacesRoot(),
            directories,
        })
    } catch {
        return NextResponse.json({ error: 'Permission denied' }, { status: 403 })
    }
}
