import { NextRequest, NextResponse } from 'next/server'
import { h5PageRepo } from '@/lib/database/repositories/h5-page.repo'
import {
  generateSlug,
  parseAppSecrets,
  serializeAppSecrets,
  addApp,
  removeApp,
  rotateSecret,
  updateAppName,
  setAppThemePreset,
  clearAppThemePreset,
} from '@/lib/h5/app-secrets'
import { isAuthError, requireUser, requireWorkspaceWriteAccess } from '@/lib/auth/session'
import type { H5Page } from '@/lib/database/schema'

export const runtime = 'nodejs'
export const dynamic = 'force-dynamic'

/** 取页面，校验 workspace 写权限。失败返回 NextResponse（直接 return）。 */
async function getPageForOwner(id: string): Promise<{ page: H5Page } | NextResponse> {
  await requireUser()
  const page = h5PageRepo.findById(id)
  if (!page) return NextResponse.json({ error: 'Not found' }, { status: 404 })

  try {
    await requireWorkspaceWriteAccess(page.workspaceId)
  } catch (err) {
    if (isAuthError(err)) return err as NextResponse
    throw err
  }
  return { page }
}

/**
 * PATCH /api/h5/pages/[id]
 *   更新 enabled / defaultModel / permissionMode / appSecrets（全量替换）
 *   或通过 appSecretOp 增量操作（add/remove/rotate/rename）
 */
export async function PATCH(
  req: NextRequest,
  { params }: { params: Promise<{ id: string }> },
): Promise<NextResponse> {
  try {
    const { id } = await params
    const guard = await getPageForOwner(id)
    if (guard instanceof NextResponse) return guard

    const body = await req.json()

    if (typeof body.enabled === 'number') {
      h5PageRepo.updateFields(id, { enabled: body.enabled })
    }
    if (typeof body.defaultModel === 'string') {
      h5PageRepo.updateFields(id, { defaultModel: body.defaultModel })
    }
    if (body.permissionMode === 'confirm' || body.permissionMode === 'full') {
      h5PageRepo.updateFields(id, { permissionMode: body.permissionMode })
    }
    if (typeof body.pageTitle === 'string') {
      h5PageRepo.updateFields(id, { pageTitle: body.pageTitle })
    }
    if (typeof body.assistantName === 'string') {
      h5PageRepo.updateFields(id, { assistantName: body.assistantName })
    }
    if (typeof body.description === 'string') {
      h5PageRepo.updateFields(id, { description: body.description })
    }
    if (typeof body.welcomeMessage === 'string') {
      h5PageRepo.updateFields(id, { welcomeMessage: body.welcomeMessage })
    }
    if (typeof body.iconEmoji === 'string') {
      h5PageRepo.updateFields(id, { iconEmoji: body.iconEmoji })
    }
    if (typeof body.appSecrets === 'string') {
      parseAppSecrets(body.appSecrets) // 校验可解析
      h5PageRepo.updateFields(id, { appSecrets: body.appSecrets })
    }

    // appSecrets 增量操作
    if (body.appSecretOp) {
        const op = body.appSecretOp as {
          type: 'add' | 'remove' | 'rotate' | 'rename' | 'setThemePreset' | 'clearThemePreset'
          appId?: string
          name?: string
          secret?: string
          presetId?: string
        }
        const currentPage = h5PageRepo.findById(id)
        if (!currentPage) return NextResponse.json({ error: 'Not found' }, { status: 404 })
        const secrets = parseAppSecrets(currentPage.appSecrets)
        let updated = secrets
        if (op.type === 'add' && op.appId) {
          updated = addApp(secrets, op.appId, op.name || op.appId, op.secret)
        } else if (op.type === 'remove' && op.appId) {
          updated = removeApp(secrets, op.appId)
        } else if (op.type === 'rotate' && op.appId) {
          updated = rotateSecret(secrets, op.appId)
        } else if (op.type === 'rename' && op.appId && op.name) {
          updated = updateAppName(secrets, op.appId, op.name)
        } else if (op.type === 'setThemePreset' && op.appId && op.presetId) {
          updated = setAppThemePreset(secrets, op.appId, op.presetId)
        } else if (op.type === 'clearThemePreset' && op.appId) {
          updated = clearAppThemePreset(secrets, op.appId)
        }
        h5PageRepo.updateFields(id, { appSecrets: serializeAppSecrets(updated) })
    }
    return NextResponse.json(h5PageRepo.findById(id))
  } catch (err) {
    if (isAuthError(err)) return err as NextResponse
    throw err
  }
}

/**
 * POST /api/h5/pages/[id]?action=regenerate-slug
 *   重新生成 slug（地址泄漏兜底）
 */
export async function POST(
  req: NextRequest,
  { params }: { params: Promise<{ id: string }> },
): Promise<NextResponse> {
  try {
    const { id } = await params
    const action = req.nextUrl.searchParams.get('action')

    if (action !== 'regenerate-slug') {
      return NextResponse.json({ error: 'Unknown action' }, { status: 400 })
    }

    const guard = await getPageForOwner(id)
    if (guard instanceof NextResponse) return guard

    let newSlug = generateSlug()
    let retries = 0
    while (h5PageRepo.slugExists(newSlug) && retries < 5) {
      newSlug = generateSlug()
      retries++
    }

    const updated = h5PageRepo.regenerateSlug(id, newSlug)
    return NextResponse.json(updated)
  } catch (err) {
    if (isAuthError(err)) return err as NextResponse
    throw err
  }
}

/** DELETE /api/h5/pages/[id] */
export async function DELETE(
  _req: NextRequest,
  { params }: { params: Promise<{ id: string }> },
): Promise<NextResponse> {
  try {
    const { id } = await params
    const guard = await getPageForOwner(id)
    if (guard instanceof NextResponse) return guard

    h5PageRepo.deleteById(id)
    return NextResponse.json({ ok: true })
  } catch (err) {
    if (isAuthError(err)) return err as NextResponse
    throw err
  }
}
