import { NextRequest, NextResponse } from 'next/server'
import { authenticateH5FromCookieHeader, getCookieHeaderFromRequest } from '@/lib/h5/auth'
import { mapMessagesForH5Response } from '@/lib/h5/message-content'
import { h5Router } from '@/lib/h5/router'
import { messageRepo } from '@/lib/database/repositories/message.repo'
import { sessionRepo } from '@/lib/database/repositories/session.repo'

export const runtime = 'nodejs'
export const dynamic = 'force-dynamic'

/**
 * GET /api/h5/sessions/[id]
 *   返回指定公开分享对话的元信息和消息列表。
 *   鉴权：forge_h5 cookie。
 */
export async function GET(
  req: NextRequest,
  { params }: { params: Promise<{ id: string }> },
): Promise<NextResponse> {
  const auth = authenticateH5FromCookieHeader(getCookieHeaderFromRequest(req))
  if (!auth) {
    return NextResponse.json({ error: 'Session expired' }, { status: 401 })
  }

  const { id } = await params
  const session = sessionRepo.findById(id)
  if (!session) {
    return NextResponse.json({ error: 'Session not found' }, { status: 404 })
  }

  // 验证该 session 属于当前 H5 page 所在的 workspace
  if (session.workspace !== auth.page.workspaceId) {
    return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
  }

  // 出站 content 已 strip（仅展示块）；与 /api/h5/messages 一致，防旁路大 payload
  const messages = mapMessagesForH5Response(messageRepo.listBySession(session.id))

  return NextResponse.json({
    session: {
      id: session.id,
      model: session.model,
      title: session.title,
      createdAt: session.createdAt,
    },
    messages: messages.map((m) => ({
      id: m.id,
      role: m.role,
      content: m.content,
      createdAt: m.createdAt,
    })),
  })
}

/**
 * DELETE /api/h5/sessions/[id]
 *   删除指定公开分享对话及其消息。
 *   鉴权：forge_h5 cookie；必须同时校验 externalUserId + workspace，防跨用户泄露。
 */
export async function DELETE(
  req: NextRequest,
  { params }: { params: Promise<{ id: string }> },
): Promise<NextResponse> {
  const auth = authenticateH5FromCookieHeader(getCookieHeaderFromRequest(req))
  if (!auth) {
    return NextResponse.json({ error: 'Session expired' }, { status: 401 })
  }

  const { id } = await params
  const { page, payload } = auth
  h5Router.deleteSession(id, payload.externalUserId, page.workspaceId)

  return NextResponse.json({ ok: true })
}

/**
 * PATCH /api/h5/sessions/[id]
 *   重命名指定公开分享对话。body: { title: string }
 *   鉴权：forge_h5 cookie；router 内带 externalUserId + workspace 归属校验。
 */
export async function PATCH(
  req: NextRequest,
  { params }: { params: Promise<{ id: string }> },
): Promise<NextResponse> {
  const auth = authenticateH5FromCookieHeader(getCookieHeaderFromRequest(req))
  if (!auth) {
    return NextResponse.json({ error: 'Session expired' }, { status: 401 })
  }

  let body: { title?: unknown }
  try {
    body = await req.json()
  } catch {
    return NextResponse.json({ error: 'Invalid body' }, { status: 400 })
  }
  const title = typeof body?.title === 'string' ? body.title.trim() : ''
  if (!title || title.length > 100) {
    return NextResponse.json({ error: 'Invalid title' }, { status: 400 })
  }

  const { id } = await params
  const { page, payload } = auth
  h5Router.renameSession(id, title, payload.externalUserId, page.workspaceId)

  return NextResponse.json({ ok: true })
}
