import { type NextRequest, NextResponse } from "next/server";
import {
  getAuthenticatedPlatformUser,
  hasPlatformAccess,
} from "@/lib/auth/server";
import { prisma } from "@/lib/prisma";

// POST /api/platform/companies/[id]/users - Invite user to company
export async function POST(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    const { user: platformUser } = await getAuthenticatedPlatformUser();

    if (
      !platformUser ||
      !hasPlatformAccess(platformUser.role, "PLATFORM_ADMIN")
    ) {
      return NextResponse.json(
        { error: "Admin access required" },
        { status: 403 }
      );
    }

    const { id: companyId } = await params;
    const body = await request.json();
    const { name, email, role = "USER" } = body;

    if (!name || !email) {
      return NextResponse.json(
        { error: "Name and email are required" },
        { status: 400 }
      );
    }

    // Check if company exists
    const company = await prisma.company.findUnique({
      where: { id: companyId },
      include: { _count: { select: { users: true } } },
    });

    if (!company) {
      return NextResponse.json({ error: "Company not found" }, { status: 404 });
    }

    // Check if user limit would be exceeded
    if (company._count.users >= company.maxUsers) {
      return NextResponse.json(
        { error: "Company has reached maximum user limit" },
        { status: 400 }
      );
    }

    // Check if user already exists
    const existingUser = await prisma.user.findUnique({
      where: { email },
    });

    if (existingUser) {
      return NextResponse.json(
        { error: "User with this email already exists" },
        { status: 400 }
      );
    }

    // Create the user placeholder (they'll complete signup via Neon Auth)
    const user = await prisma.user.create({
      data: {
        name,
        email,
        role,
        companyId,
        invitedBy: platformUser.email,
        invitedAt: new Date(),
      },
      select: {
        id: true,
        name: true,
        email: true,
        role: true,
        createdAt: true,
        invitedBy: true,
        invitedAt: true,
      },
    });

    // TODO: Send invitation email with sign-up link
    return NextResponse.json({
      user,
      signupUrl: "/auth/sign-up",
      message:
        "User invited. They should sign up at /auth/sign-up with this email.",
    });
  } catch (error) {
    console.error("Platform user invitation error:", error);
    return NextResponse.json(
      { error: "Internal server error" },
      { status: 500 }
    );
  }
}

// GET /api/platform/companies/[id]/users - Get company users
export async function GET(
  _request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    const { user } = await getAuthenticatedPlatformUser();

    if (!user) {
      return NextResponse.json(
        { error: "Platform access required" },
        { status: 401 }
      );
    }

    const { id: companyId } = await params;

    const users = await prisma.user.findMany({
      where: { companyId },
      select: {
        id: true,
        name: true,
        email: true,
        role: true,
        createdAt: true,
        invitedBy: true,
        invitedAt: true,
      },
      orderBy: { createdAt: "desc" },
    });

    return NextResponse.json({ users });
  } catch (error) {
    console.error("Platform users list error:", error);
    return NextResponse.json(
      { error: "Internal server error" },
      { status: 500 }
    );
  }
}