import { NextResponse } from 'next/server';
import { getServerSession } from 'next-auth';
import { signIn } from 'next-auth/react';
import { authOptions } from '../authOptions';

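/**
 * Login route handler: checks the submitted credentials, then returns the
 * session user and a role-based redirect hint.
 *
 * The request body is untrusted. It must be a JSON object whose `email` and
 * `password` are strings; anything else is rejected with 400 before reaching
 * the credentials provider.
 *
 * @param request - Incoming request with a JSON body `{ email, password }`.
 * @returns 200 with `{ user }` and an `X-Redirect-Url` header on success,
 *   400 for a malformed body, 401 when sign-in reports an error, and 500 when
 *   no session is found or an unexpected error occurs.
 */
export async function POST(request: Request) {
  try {
    // Parse separately so malformed JSON is a client error (400), not a 500
    // logged as a login failure.
    let body: unknown;
    try {
      body = await request.json();
    } catch {
      return NextResponse.json(
        { message: 'Invalid request body' },
        { status: 400 }
      );
    }

    if (typeof body !== 'object' || body === null) {
      return NextResponse.json(
        { message: 'Invalid request body' },
        { status: 400 }
      );
    }

    const { email, password } = body as { email?: unknown; password?: unknown };

    // Only plain strings may reach the credentials provider: a JSON body can
    // carry objects or arrays in these fields, and how the provider's
    // authorize step treats such values is not visible from this handler.
    if (typeof email !== 'string' || typeof password !== 'string') {
      return NextResponse.json(
        { message: 'Invalid request body' },
        { status: 400 }
      );
    }

    // NOTE(review): signIn is imported from 'next-auth/react', the client-side
    // helper. Confirm it behaves as intended when called from a route handler.
    // Nothing here forwards the caller's cookies to it or copies a session
    // cookie it obtains onto this response.
    const result = await signIn('credentials', {
      email,
      password,
      redirect: false,
    });

    if (result?.error) {
      // Same generic message for every failure, so the response does not
      // reveal whether the email exists.
      return NextResponse.json(
        { message: 'Invalid credentials' },
        { status: 401 }
      );
    }

    // Fetch the full user session after login.
    // NOTE(review): getServerSession presumably resolves the session from the
    // cookies of the incoming request, so the user and role used below may
    // belong to a session that already existed rather than to the credentials
    // just checked. Verify before relying on session.user for the response
    // and the redirect.
    const session = await getServerSession(authOptions);
    if (!session || !session.user) {
      return NextResponse.json({ message: 'Session not found' }, { status: 500 });
    }

    // Clear the impersonation cookie on every login so that impersonation
    // state does not carry over into the new login.
    const response = NextResponse.json({ user: session.user });
    response.cookies.set({
      name: 'original_admin_id',
      value: '',
      path: '/',
      maxAge: 0,
    });

    // Role-based redirect. The target is chosen from fixed server-side paths
    // and never from request input, so it cannot become an open redirect.
    let redirectUrl = '/';
    if (session.user.role === 'ADMIN') {
      redirectUrl = '/admin-dashboard';
    } else if (session.user.role === 'MANAGER') {
      redirectUrl = '/dashboard';
    }
    response.headers.set('X-Redirect-Url', redirectUrl);

    return response;
  } catch (error) {
    // Log details server-side only; the client gets a generic message.
    console.error('Login failed:', error);
    return NextResponse.json(
      { message: 'Internal server error' },
      { status: 500 }
    );
  }
}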