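import { NextRequest, NextResponse } from 'next/server';
import { gql, GraphQLClient } from 'graphql-request';

// Login mutation document. Not referenced by any handler in this file.
const LOGIN_MUTATION = gql`
  mutation Login($username: String!, $password: String!) {
    login(input: { username: $username, password: $password }) {
      token
    }
  }
`

// Fetches the user the bearer token belongs to; used below as the token check.
const GET_USER_QUERY = gql`
  query GetUser {
    currentUser {
      id
      username
      email
    }
  }
`

// Fetches the (resource, action) permission pairs for the authenticated user.
const GET_PERMISSION_PAIRS = gql`
  query GetPermissionPairs {
    getUserPermissions {
      resource
      action
    }
  }
`

/**
 * Builds a failure response and clears the session cookie.
 *
 * The `message` sent to the client is always a fixed string chosen by the
 * caller; upstream error text is never forwarded, because it can describe the
 * backend request and response.
 */
function loginFailure(status: number, error: string, message: string): NextResponse {
  const res = NextResponse.json({ error, message }, { status });
  res.cookies.delete('jwt');
  return res;
}

/**
 * Session bootstrap: takes a JWT from the JSON body (`{ jwt }`), checks it
 * against the GraphQL backend, and on success stores it in an httpOnly cookie.
 *
 * @param request - incoming request; its body is untrusted input.
 * @returns 200 with `{ ok, token, permissionPairs }` and the `jwt` cookie set;
 *   400 when the body is not JSON or carries no usable `jwt`;
 *   401 when the backend returns no current user for the token;
 *   500 on any other failure. Every failure path deletes the `jwt` cookie.
 */
export async function POST(request: NextRequest) {
  // Parse separately so a malformed body is reported as a client error.
  let body: unknown;
  try {
    body = await request.json();
  } catch {
    return loginFailure(400, 'Bad request', 'Request body must be valid JSON');
  }

  const jwt =
    typeof body === 'object' && body !== null
      ? (body as { jwt?: unknown }).jwt
      : undefined;

  // Without this guard a missing field would be sent upstream as "Bearer undefined".
  if (typeof jwt !== 'string' || jwt.length === 0) {
    return loginFailure(400, 'Bad request', 'Missing or invalid jwt');
  }

  try {
    // NOTE(review): NEXT_PUBLIC_-prefixed variables are also inlined into the
    // browser bundle by Next.js; a server-only variable would keep the backend
    // address out of client code. The fallback is plain HTTP to localhost.
    const client = new GraphQLClient(
      process.env.NEXT_PUBLIC_GRAPHQL_BACKEND_URL || 'http://localhost:3050/graphql',
      {
        headers: {
          'Authorization': `Bearer ${jwt}`
        }
      }
    );

    // The token is only accepted if the backend resolves a user for it.
    // Whether the backend rejects a bad token with an error or with a null
    // `currentUser` is not visible from this file, so both are treated as failure.
    const userResult = await client.request<{ currentUser?: unknown }>(GET_USER_QUERY);
    if (userResult == null || userResult.currentUser == null) {
      return loginFailure(401, 'Unauthorized', 'Invalid or expired token');
    }

    const permissionPairs = await client.request(GET_PERMISSION_PAIRS);

    // NOTE(review): the token is echoed back in the JSON body as well as being
    // stored in the httpOnly cookie; kept for compatibility with existing callers.
    const res = NextResponse.json({ ok: true, token: jwt, permissionPairs })

    res.cookies.set('jwt', jwt, {
      httpOnly: true,
      secure: true,
      sameSite: 'lax',
      path: '/',
      // Fixed one-day cookie lifetime; it is not derived from the token itself.
      maxAge: 60 * 60 * 24, // 1d
    })

    return res
  } catch (error: unknown) {
    // Full detail stays in the server log; the client gets a generic message.
    console.error('Login error:', error);
    return loginFailure(500, 'Internal server error', 'Login failed');
  }
}

/**
 * Returns a static usage description for this endpoint.
 *
 * NOTE(review): the usage text describes a GraphQL proxy body
 * (query/variables/operationName), while POST in this file reads `jwt` from
 * the body — confirm which is intended.
 */
export async function GET(request: NextRequest) {
  return NextResponse.json({
    message: 'BFF endpoint - use POST for GraphQL queries',
    usage: {
      method: 'POST',
      body: {
        query: 'GraphQL query string',
        variables: 'Query variables object (optional)',
        operationName: 'Operation name (optional)'
      }
    }
  });
}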