import { randomInt } from "node:crypto";

import { NextRequest, NextResponse } from "next/server";
import { getServerSession } from "next-auth";
import { authOptions } from "@/app/api/auth/authOptions";
import { prisma } from "@/lib/prisma";
import bcrypt from "bcryptjs";

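/**
 * Builds a random temporary password from a fixed 70-character alphabet
 * (lower-case, upper-case, digits and eight symbols).
 *
 * The characters are drawn with `crypto.randomInt`, which uses a
 * cryptographically secure generator and is uniform over the alphabet.
 * `Math.random()` is not suitable here: its output is predictable and this
 * value is used as an account credential.
 *
 * @param length Number of characters to generate; values of 0 or less yield
 *   an empty string.
 * @returns The generated password.
 */
function generateTempPassword(length = 10) {
  const chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*';
  let password = '';
  for (let i = 0; i < length; i++) {
    // randomInt(max) returns an unbiased integer in [0, max).
    password += chars.charAt(randomInt(chars.length));
  }
  return password;
}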

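/**
 * Admin-only handler that replaces a manager's password with a freshly
 * generated temporary one and returns that temporary password to the caller.
 *
 * Responses:
 * - 403 when there is no session or the session user is not an ADMIN
 * - 400 when the body is not JSON or carries no usable integer `userId`
 * - 404 when the id does not resolve to a user with role MANAGER
 * - 500 on any unexpected failure
 * - 200 with `{ success: true, tempPassword }` otherwise
 *
 * NOTE(review): the plaintext temporary password travels in the response
 * body. Nothing in this file forces the manager to change it at next login,
 * revokes the manager's existing sessions, or records who performed the
 * reset. Confirm those are handled elsewhere.
 */
export async function POST(req: NextRequest) {
  try {
    // Authorization comes first so unauthenticated callers learn nothing
    // about request validation or user existence.
    const session = await getServerSession(authOptions);
    if (!session?.user || session.user.role !== "ADMIN") {
      return NextResponse.json({ error: "Accès refusé" }, { status: 403 });
    }

    // A malformed or non-object body is a client error, not a server fault.
    const body: unknown = await req.json().catch(() => null);
    const userId =
      typeof body === "object" && body !== null
        ? (body as { userId?: unknown }).userId
        : undefined;

    // Only numbers and numeric strings are accepted; booleans, arrays and
    // objects would otherwise be coerced by Number() into surprising ids.
    const id =
      typeof userId === "number" || typeof userId === "string"
        ? Number(userId)
        : Number.NaN;
    if (!userId || !Number.isSafeInteger(id)) {
      return NextResponse.json({ error: "ID du manager requis" }, { status: 400 });
    }

    // The role check keeps this endpoint from resetting other kinds of
    // account, such as another admin.
    const user = await prisma.user.findUnique({ where: { id } });
    if (!user || user.role !== "MANAGER") {
      return NextResponse.json({ error: "Manager non trouvé" }, { status: 404 });
    }

    const tempPassword = generateTempPassword();
    const hashed = await bcrypt.hash(tempPassword, 10);
    await prisma.user.update({ where: { id: user.id }, data: { password: hashed } });

    // The response holds a credential, so forbid any cache from storing it.
    return NextResponse.json(
      { success: true, tempPassword },
      { headers: { "Cache-Control": "no-store" } },
    );
  } catch (e) {
    // Log server-side for diagnosis; the client only gets a generic message.
    // tempPassword is never logged here.
    console.error("Manager password reset failed:", e);
    return NextResponse.json({ error: "Erreur serveur" }, { status: 500 });
  }
}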