import { auth } from "@/lib/auth";
import { db } from "@/lib/db";
import { usuariosApp } from "@/lib/schema";
import { eq } from "drizzle-orm";
import { createClient } from "@supabase/supabase-js";

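/**
 * Builds a Supabase client authenticated with the service-role key.
 *
 * The service-role key bypasses Row Level Security, so this client must only
 * be created in server-side code and never be returned to, or serialized for,
 * the browser. Token refresh and session persistence are disabled because the
 * client is used for one-off admin calls, not for a user session.
 *
 * @returns A Supabase client with admin privileges.
 * @throws Error when either required environment variable is missing or empty.
 */
function getAdminClient() {
  const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;
  const serviceRoleKey = process.env.SUPABASE_SERVICE_ROLE_KEY;

  // Fail with an explicit configuration error instead of asserting the values
  // exist; the message names the variables but never echoes their contents.
  if (!supabaseUrl || !serviceRoleKey) {
    throw new Error(
      "Supabase admin client is not configured: NEXT_PUBLIC_SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY must be set"
    );
  }

  return createClient(supabaseUrl, serviceRoleKey, {
    auth: { autoRefreshToken: false, persistSession: false },
  });
}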

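/**
 * Updates a row of `usuariosApp` by numeric id. Restricted to sessions whose
 * user role is "admin".
 *
 * Only the fields present in the JSON body are written, so a partial update
 * that omits `activo` no longer deactivates the account as a side effect.
 *
 * @param req - Request whose JSON body may carry `nombre`, `rol`, `activo` and `permisos`.
 * @param params - Route params; `id` is the numeric primary key of the user to update.
 * @returns 200 with the updated row, 400 on a bad id or body, 403 when the
 *   caller is not an admin, 404 when no row matches the id.
 */
export async function PUT(req: Request, { params }: { params: Promise<{ id: string }> }) {
  const session = await auth();
  if (!session || session.user.role !== "admin") {
    return Response.json({ error: "Forbidden" }, { status: 403 });
  }

  const { id } = await params;
  // parseInt alone accepts trailing garbage ("12abc" -> 12); require an all-digit segment.
  const numId = /^\d+$/.test(id) ? Number.parseInt(id, 10) : NaN;
  if (!Number.isSafeInteger(numId) || numId <= 0) {
    return Response.json({ error: "Invalid ID" }, { status: 400 });
  }

  // A malformed or non-object body is a client error, not an unhandled exception.
  let body: unknown;
  try {
    body = await req.json();
  } catch {
    return Response.json({ error: "Invalid JSON body" }, { status: 400 });
  }
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    return Response.json({ error: "Invalid body" }, { status: 400 });
  }
  const { nombre, rol, activo, permisos } = body as Record<string, unknown>;

  if (nombre !== undefined && typeof nombre !== "string") {
    return Response.json({ error: "Invalid nombre" }, { status: 400 });
  }
  // `rol` is privilege-bearing: the admin check above compares against it.
  // NOTE(review): the set of valid roles is not visible in this file; check `rol`
  // against an explicit allowlist here so arbitrary role strings cannot be stored.
  if (rol !== undefined && typeof rol !== "string") {
    return Response.json({ error: "Invalid rol" }, { status: 400 });
  }

  const updateData: Record<string, unknown> = {};
  if (nombre !== undefined) updateData.nombre = nombre;
  if (rol !== undefined) updateData.rol = rol;
  if (activo !== undefined) updateData.activo = activo ? 1 : 0;
  if (permisos !== undefined) {
    // NOTE(review): array elements are stored as received; validate them against
    // the known permission names if those are defined elsewhere.
    updateData.permisos = Array.isArray(permisos) ? permisos : null;
  }

  if (Object.keys(updateData).length === 0) {
    return Response.json({ error: "No fields to update" }, { status: 400 });
  }

  // NOTE(review): unlike DELETE, nothing here stops an admin from demoting or
  // deactivating their own account; confirm whether that is intended.
  const [updated] = await db.update(usuariosApp)
    .set(updateData)
    .where(eq(usuariosApp.id, numId))
    .returning();

  // No matching row: report it instead of serializing `undefined`.
  if (!updated) return Response.json({ error: "Not found" }, { status: 404 });

  return Response.json(updated);
}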

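/**
 * Deletes an app user: first the linked Supabase Auth account (when the row
 * has an `authUid`), then the `usuariosApp` row. Restricted to sessions whose
 * user role is "admin"; an admin cannot delete their own account.
 *
 * The app row is removed only after the auth account is confirmed gone, so a
 * failed auth deletion cannot leave a usable login with no app record.
 *
 * @param req - Unused; present to match the route handler signature.
 * @param params - Route params; `id` is the numeric primary key of the user to delete.
 * @returns 200 `{ success: true }`, 400 on a bad id or self-deletion, 403 when
 *   the caller is not an admin, 404 when no row matches, 500 when the auth
 *   account could not be deleted.
 */
export async function DELETE(req: Request, { params }: { params: Promise<{ id: string }> }) {
  const session = await auth();
  if (!session || session.user.role !== "admin") {
    return Response.json({ error: "Forbidden" }, { status: 403 });
  }

  const { id } = await params;
  // parseInt alone accepts trailing garbage ("12abc" -> 12); require an all-digit segment.
  const numId = /^\d+$/.test(id) ? Number.parseInt(id, 10) : NaN;
  if (!Number.isSafeInteger(numId) || numId <= 0) {
    return Response.json({ error: "Invalid ID" }, { status: 400 });
  }

  // Load the row to learn its authUid and to distinguish 404 from success.
  const [user] = await db.select().from(usuariosApp)
    .where(eq(usuariosApp.id, numId)).limit(1);

  if (!user) return Response.json({ error: "Not found" }, { status: 404 });

  // Don't allow deleting yourself
  if (user.authUid === session.user.authUid) {
    return Response.json({ error: "No podés eliminarte a vos mismo" }, { status: 400 });
  }

  // Delete the account in Supabase Auth. The admin API reports failure through
  // the returned `error` rather than by throwing, so it has to be checked.
  if (user.authUid) {
    const supabaseAdmin = getAdminClient();
    const { error } = await supabaseAdmin.auth.admin.deleteUser(user.authUid);
    // A 404 is treated as "already deleted" so a retry after a partial failure
    // can still clean up the app row. NOTE(review): confirm the status reported
    // for a missing user against the Supabase version in use.
    if (error && error.status !== 404) {
      // Log the detail server-side only; the response stays generic.
      console.error("Supabase auth user deletion failed:", error.message);
      return Response.json({ error: "Failed to delete auth user" }, { status: 500 });
    }
  }

  // Remove from app table
  await db.delete(usuariosApp).where(eq(usuariosApp.id, numId));
  return Response.json({ success: true });
}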
