import { auth } from '@/auth'
import { db } from '@/lib/db'
import { enrollmentTokens } from '@/lib/db/schema'
import { eq, desc } from 'drizzle-orm'
import { NextRequest, NextResponse } from 'next/server'

// GET /api/enrollment-tokens — list all (admin only)
export async function GET() {
  const session = await auth()
  if (!session?.user || session.user.role !== 'admin') {
    return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
  }

  const tokens = await db
    .select()
    .from(enrollmentTokens)
    .orderBy(desc(enrollmentTokens.createdAt))

  return NextResponse.json({ tokens })
}

// POST /api/enrollment-tokens — create new token (admin only)
export async function POST(request: NextRequest) {
  const session = await auth()
  if (!session?.user || session.user.role !== 'admin') {
    return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
  }

  const { label, expiresInDays, maxUses } = await request.json()

  const expiresAt = expiresInDays
    ? new Date(Date.now() + expiresInDays * 24 * 60 * 60 * 1000)
    : null

  const token = await db
    .insert(enrollmentTokens)
    .values({
      label: label || null,
      createdBy: session.user.id,
      expiresAt,
      maxUses: maxUses || null,
    })
    .returning()

  return NextResponse.json({ token: token[0] }, { status: 201 })
}

// DELETE /api/enrollment-tokens — revoke token (admin only)
export async function DELETE(request: NextRequest) {
  const session = await auth()
  if (!session?.user || session.user.role !== 'admin') {
    return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
  }

  const { id } = await request.json()
  await db
    .update(enrollmentTokens)
    .set({ revokedAt: new Date() })
    .where(eq(enrollmentTokens.id, id))

  return NextResponse.json({ success: true })
}