import { NextRequest, NextResponse } from 'next/server';
import {
  createSessionValue,
  getAuthPublicOrigin,
  OAUTH_STATE_COOKIE,
  parseOAuthState,
  SESSION_COOKIE,
  sessionCookieOptions,
} from '@/lib/server/foodstarAuth';
import { saveReviewForUser } from '@/lib/server/userReviewStore';
import { FOODSTAR_JOURNAL_SLUG } from '@/lib/foodstar';

export const dynamic = 'force-dynamic';
export const runtime = 'nodejs';

type GoogleUserInfo = {
  sub?: string;
  email?: string;
  name?: string;
  picture?: string;
};

export async function GET(req: NextRequest) {
  const clientId = process.env.GOOGLE_CLIENT_ID;
  const clientSecret = process.env.GOOGLE_CLIENT_SECRET;
  const url = new URL(req.url);
  const publicOrigin = getAuthPublicOrigin(req, url);
  const code = url.searchParams.get('code');
  const stateParam = url.searchParams.get('state');
  const stateCookie = req.cookies.get(OAUTH_STATE_COOKIE)?.value;
  const state = stateParam && stateParam === stateCookie ? parseOAuthState(stateParam) : null;

  if (!clientId || !clientSecret || !code || !state) {
    return NextResponse.redirect(new URL('/me?auth=failed', publicOrigin));
  }

  try {
    const tokenRes = await fetch('https://oauth2.googleapis.com/token', {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: new URLSearchParams({
        code,
        client_id: clientId,
        client_secret: clientSecret,
        redirect_uri: `${publicOrigin}/api/auth/google/callback`,
        grant_type: 'authorization_code',
      }),
      cache: 'no-store',
    });

    if (!tokenRes.ok) throw new Error('Token exchange failed');
    const tokenBody = (await tokenRes.json()) as { access_token?: string };
    if (!tokenBody.access_token) throw new Error('Missing Google access token');

    const userRes = await fetch('https://openidconnect.googleapis.com/v1/userinfo', {
      headers: { Authorization: `Bearer ${tokenBody.access_token}` },
      cache: 'no-store',
    });
    if (!userRes.ok) throw new Error('Google profile fetch failed');

    const googleUser = (await userRes.json()) as GoogleUserInfo;
    if (!googleUser.sub || !googleUser.email) throw new Error('Google profile missing email');

    if (state.submissionId) {
      saveReviewForUser({
        userEmail: googleUser.email,
        submissionId: state.submissionId,
        campaignSlug: state.campaignSlug || FOODSTAR_JOURNAL_SLUG,
        placeName: state.placeName,
        dishName: state.dishName,
      });
    }

    const res = NextResponse.redirect(new URL(state.returnTo || '/me', publicOrigin));
    res.cookies.set(
      SESSION_COOKIE,
      createSessionValue({
        sub: googleUser.sub,
        email: googleUser.email,
        name: googleUser.name || googleUser.email,
        picture: googleUser.picture,
      }),
      sessionCookieOptions(),
    );
    res.cookies.set(OAUTH_STATE_COOKIE, '', {
      ...sessionCookieOptions(),
      maxAge: 0,
    });
    return res;
  } catch {
    return NextResponse.redirect(new URL('/me?auth=failed', publicOrigin));
  }
}