// apps/web/lib/admin-proxy.ts
import { NextRequest, NextResponse } from 'next/server';
import { cookies } from 'next/headers';

const EXPRESS_API = process.env.NEXT_PUBLIC_API_URL ?? 'http://localhost:3001';

export async function adminProxy(
  req: NextRequest,
  expressPath: string,
  method?: string
): Promise<NextResponse> {
  try {
    const cookieStore = cookies();
    const token =
      cookieStore.get('access_token')?.value ??
      req.headers.get('authorization')?.replace('Bearer ', '') ??
      null;

    if (!token) {
      return NextResponse.json(
        { success: false, message: 'Authentication required', data: null },
        { status: 401 }
      );
    }

    const url = new URL(req.url);
    const targetUrl = `${EXPRESS_API}${expressPath}${url.search}`;
    const reqMethod = method ?? req.method;

    const fetchOptions: RequestInit = {
      method: reqMethod,
      headers: {
        'Content-Type': 'application/json',
        'Authorization': `Bearer ${token}`,
        'Cookie': `access_token=${token}`,
      },
    };

    if (['POST', 'PUT', 'PATCH'].includes(reqMethod)) {
      try {
        fetchOptions.body = JSON.stringify(await req.json());
      } catch {}
    }

    const upstream = await fetch(targetUrl, fetchOptions);

    const contentType = upstream.headers.get('content-type') ?? '';
    if (!contentType.includes('application/json')) {
      const text = await upstream.text();
      console.error(`[adminProxy] Non-JSON from ${expressPath}:`, text.slice(0, 150));
      return NextResponse.json(
        { success: false, message: 'Upstream returned non-JSON', data: null },
        { status: 502 }
      );
    }

    const data = await upstream.json();
    return NextResponse.json(data, { status: upstream.status });

  } catch (err: any) {
    console.error(`[adminProxy] Error proxying ${expressPath}:`, err.message);
    return NextResponse.json(
      { success: false, message: err.message, data: null },
      { status: 500 }
    );
  }
}
