remote-support/app/api/agent/session-code/route.ts

import { db } from '@/lib/db'
import { machines, sessionCodes } from '@/lib/db/schema'
import { eq, and } from 'drizzle-orm'
import { NextRequest, NextResponse } from 'next/server'

function generateSessionCode(): string {
  const chars = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'
  let code = ''
  for (let i = 0; i < 6; i++) {
    code += chars.charAt(Math.floor(Math.random() * chars.length))
  }
  return code
}

export async function POST(request: NextRequest) {
  try {
    const { accessKey } = await request.json()

    if (!accessKey) {
      return NextResponse.json({ error: 'Access key required' }, { status: 400 })
    }

    const machineResult = await db
      .select()
      .from(machines)
      .where(eq(machines.accessKey, accessKey))
      .limit(1)

    const machine = machineResult[0]
    if (!machine) {
      return NextResponse.json({ error: 'Invalid access key' }, { status: 401 })
    }

    // Generate a unique code
    let code = ''
    for (let attempts = 0; attempts < 10; attempts++) {
      const candidate = generateSessionCode()
      const existing = await db
        .select({ id: sessionCodes.id })
        .from(sessionCodes)
        .where(and(eq(sessionCodes.code, candidate), eq(sessionCodes.isActive, true)))
        .limit(1)

      if (!existing[0]) {
        code = candidate
        break
      }
    }

    if (!code) {
      return NextResponse.json({ error: 'Failed to generate unique code' }, { status: 500 })
    }

    const expiresAt = new Date(Date.now() + 10 * 60 * 1000)

    await db.insert(sessionCodes).values({
      code,
      machineId: machine.id,
      createdBy: machine.userId,
      expiresAt,
      isActive: true,
    })

    return NextResponse.json({ success: true, code, expiresAt: expiresAt.toISOString(), expiresIn: 600 })
  } catch (error) {
    console.error('[Session Code] Error:', error)
    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
  }
}