'use server'

import { cookies } from 'next/headers'
import { redirect } from 'next/navigation'
import { prisma } from '@/lib/prisma'
import { hashPassword, verifyPassword, createSession, deleteSession } from '@/lib/auth'
import { SESSION_COOKIE } from '@/lib/session-cookie'

type FormState = { error?: string }

async function setSessionCookie(userId: string) {
  const token = await createSession(userId)
  const store = await cookies()
  store.set(SESSION_COOKIE, token, {
    httpOnly: true,
    sameSite: 'lax',
    secure: process.env.NODE_ENV === 'production',
    path: '/',
    maxAge: 60 * 60 * 24 * 30,
  })
}

export async function registerAction(_prev: FormState, formData: FormData): Promise<FormState> {
  const name = String(formData.get('name') ?? '').trim()
  const email = String(formData.get('email') ?? '').trim().toLowerCase()
  const company = String(formData.get('company') ?? '').trim() || null
  const password = String(formData.get('password') ?? '')

  if (!name || !email || password.length < 8) {
    return { error: 'Completa nombre, email y una contraseña de al menos 8 caracteres.' }
  }
  const exists = await prisma.user.findUnique({ where: { email } })
  if (exists) return { error: 'Ya existe una cuenta con ese email.' }

  const user = await prisma.user.create({
    data: { name, email, company, passwordHash: hashPassword(password) },
  })
  await setSessionCookie(user.id)
  redirect('/dashboard')
}

export async function loginAction(_prev: FormState, formData: FormData): Promise<FormState> {
  const email = String(formData.get('email') ?? '').trim().toLowerCase()
  const password = String(formData.get('password') ?? '')
  const next = String(formData.get('next') ?? '/dashboard') || '/dashboard'

  const user = await prisma.user.findUnique({ where: { email } })
  if (!user || !verifyPassword(password, user.passwordHash)) {
    return { error: 'Email o contraseña incorrectos.' }
  }
  await setSessionCookie(user.id)
  redirect(next.startsWith('/') ? next : '/dashboard')
}

export async function logoutAction(): Promise<void> {
  const store = await cookies()
  const token = store.get(SESSION_COOKIE)?.value
  if (token) await deleteSession(token)
  store.delete(SESSION_COOKIE)
  redirect('/')
}