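import { headers } from "next/headers"
import { NextResponse } from "next/server"
import {
  ADMIN_SESSION_COOKIE,
  createAdminSession,
  isAdminCredentialLoginConfigured,
  isAdminCredentialMatch,
} from "@/lib/server/admin-auth"

/**
 * Handles the admin credential login form (POST).
 *
 * Flow: refuse when credential login is not configured, read `email` and
 * `password` from the submitted form, verify them, then create a session,
 * attach the session cookie and redirect to `/admin`. Every failure path
 * redirects back to `/sign-in` with an `error` query parameter.
 *
 * @param request - The incoming form POST.
 * @returns A redirect response; on success it carries the session cookie.
 */
export async function POST(request: Request): Promise<NextResponse> {
  // Resolved once: every branch below redirects relative to the same origin.
  const publicOrigin = await getPublicOrigin(request)
  const redirectTo = (path: string) =>
    NextResponse.redirect(new URL(path, publicOrigin))

  if (!isAdminCredentialLoginConfigured()) {
    return redirectTo("/sign-in?error=config")
  }

  const formData = await request.formData()
  // Missing fields become "" and go through the same check as wrong values,
  // so the response is identical either way (assuming isAdminCredentialMatch
  // rejects empty input — it is defined outside this file).
  const email = String(formData.get("email") ?? "")
    .trim()
    .toLowerCase()
  const password = String(formData.get("password") ?? "")

  if (!isAdminCredentialMatch(email, password)) {
    return redirectTo("/sign-in?error=invalid")
  }

  const session = await createAdminSession(email)
  const response = redirectTo("/admin")
  // httpOnly + secure + sameSite=lax: the session token is never readable
  // from script, only travels over TLS, and is not sent on cross-site POSTs.
  response.cookies.set(ADMIN_SESSION_COOKIE, session.token, {
    httpOnly: true,
    sameSite: "lax",
    secure: true,
    path: "/",
    expires: new Date(session.expiresAt),
  })
  return response
}

/**
 * Resolves the absolute base used to build redirect targets.
 *
 * Sources are consulted in order of trust:
 *  1. `NEXT_PUBLIC_SITE_URL` — deployment configuration, not influenced by
 *     the client, so it wins whenever it is set.
 *  2. `X-Forwarded-Proto` / `X-Forwarded-Host` / `Host` — only meaningful
 *     when the reverse proxy in front of the app sets or overwrites them; a
 *     proxy that passes client-supplied values through lets the client pick
 *     the redirect host, in which case `NEXT_PUBLIC_SITE_URL` must be set.
 *  3. The origin of `request.url`, as a last resort.
 *
 * The `Origin` and `Referer` request headers are deliberately not used: both
 * are chosen by the client, and a redirect built from them would send the
 * browser to whatever site submitted the form.
 *
 * @param request - The incoming request, used only as the last-resort origin.
 * @returns A string usable as the `base` argument of `new URL(path, base)`.
 */
async function getPublicOrigin(request: Request): Promise<string> {
  // Returned verbatim (not reduced to its origin) so a configured path prefix
  // keeps resolving exactly as before.
  const siteUrl = process.env.NEXT_PUBLIC_SITE_URL
  if (siteUrl) {
    return siteUrl
  }

  const headerStore = await headers()
  // `||` rather than `??`: an empty forwarded host must fall through to Host.
  const host = headerStore.get("x-forwarded-host") || headerStore.get("host")
  if (host) {
    const proto = headerStore.get("x-forwarded-proto") || "https"
    return `${proto}://${host}`
  }

  return new URL(request.url).origin
}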