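import { NextApiHandler } from "next";
import {
  signAdminToken,
  checkPassword,
  COOKIE_NAME,
  getTokenFromRequest,
  verifyAdminToken,
} from "@utils/admin-auth";

/** Lifetime of the admin session cookie, in seconds (8 hours; was the literal 28800). */
const SESSION_MAX_AGE_SECONDS = 8 * 60 * 60;

/**
 * Builds the attribute list shared by the login and logout `Set-Cookie` headers.
 *
 * Login and logout must agree on `Path` (and `Domain`, should one ever be added),
 * otherwise the browser does not treat the `Max-Age=0` cookie as a replacement
 * of the session cookie and the session survives "logout". `Secure` is added
 * outside development so the session cookie is never sent over plain HTTP in
 * production while local development on http://localhost keeps working.
 *
 * @param maxAge - cookie lifetime in seconds; `0` instructs the browser to drop it
 * @returns the `; `-joined attribute string, without the leading `name=value` pair
 */
function cookieAttributes(maxAge: number): string {
  const attrs = ["HttpOnly", "Path=/", "SameSite=Lax", `Max-Age=${maxAge}`];
  if (process.env.NODE_ENV === "production") {
    attrs.push("Secure");
  }
  return attrs.join("; ");
}

/**
 * Admin session endpoint.
 *
 * - `POST` with a JSON body `{ password }` → 400 if the password is missing or
 *   not a string, 401 if `checkPassword` rejects it, otherwise sets the admin
 *   session cookie and answers `{ ok: true }`.
 * - `DELETE` → clears the session cookie and answers `{ ok: true }`.
 * - `GET` → answers `{ authenticated }` from `verifyAdminToken` on the cookie
 *   token (`false` when no token is present).
 * - any other method → 405 with an `Allow` header.
 *
 * Password checking and token signing/verification live in `@utils/admin-auth`;
 * this handler only deals with transport (body validation, cookie attributes,
 * status codes).
 */
const handler: NextApiHandler = async (req, res) => {
  switch (req.method) {
    case "POST": {
      // `req.body` is whatever Next's body parser produced (typed `any`); only
      // trust it once it is a non-null object that actually carries `password`.
      const body: unknown = req.body;
      const password =
        typeof body === "object" && body !== null && "password" in body
          ? body.password
          : undefined;
      if (typeof password !== "string" || password.length === 0) {
        return res.status(400).json({ error: "Password required" });
      }
      // NOTE(review): nothing in this handler throttles repeated attempts; if
      // `checkPassword` is not already rate-limited/constant-time upstream,
      // that belongs in middleware or at the reverse proxy — confirm.
      if (!checkPassword(password)) {
        return res.status(401).json({ error: "Invalid password" });
      }
      const token = await signAdminToken();
      // The token is interpolated verbatim into a header, so `signAdminToken`
      // is assumed to return a header-safe value with no `;` or CR/LF — verify upstream.
      res.setHeader(
        "Set-Cookie",
        `${COOKIE_NAME}=${token}; ${cookieAttributes(SESSION_MAX_AGE_SECONDS)}`,
      );
      return res.status(200).json({ ok: true });
    }
    case "DELETE": {
      // Same attributes as the login cookie (plus Max-Age=0) so the browser
      // matches and removes the existing session cookie.
      res.setHeader("Set-Cookie", `${COOKIE_NAME}=; ${cookieAttributes(0)}`);
      return res.status(200).json({ ok: true });
    }
    case "GET": {
      const token = getTokenFromRequest(req);
      const authenticated = token ? await verifyAdminToken(token) : false;
      return res.status(200).json({ authenticated });
    }
    default: {
      res.setHeader("Allow", ["GET", "POST", "DELETE"]);
      return res.status(405).json({ error: "Method Not Allowed" });
    }
  }
};

export default handler;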