import type { RequestHandler } from './$types';
import { json, redirect } from '@sveltejs/kit';
import {
	createAuthUrl,
	exchangeCodeForTokens,
	getOAuthClient
} from '$lib/google';
import { sendGmail } from '$lib/gmail';

/* ───────────── GET ───────────── */
export const GET: RequestHandler = async ({ url }) => {
	/* 1.   /private/api/gmail?action=auth  → 302 to Google */
	if (url.searchParams.get('action') === 'auth') {
		throw redirect(302, createAuthUrl());
	}

	/* 2.   Google callback  /private/api/gmail?code=XXXX */
	const code = url.searchParams.get('code');
	if (code) {
		try {
			const refreshToken = await exchangeCodeForTokens(code);

			const html = `
				<script>
					localStorage.setItem('gmail_refresh_token', ${JSON.stringify(refreshToken)});
					location = '/private/events/creator';
				</script>`;
			return new Response(html, { headers: { 'Content-Type': 'text/html' } });
		} catch (err) {
			return new Response((err as Error).message, { status: 500 });
		}
	}

	return new Response('Bad request', { status: 400 });
};

/* ───────────── POST ───────────── */
export const POST: RequestHandler = async ({ request }) => {
	const { action, refreshToken, to, subject, text, qr_code } = await request.json();

	/* send e-mail */
	if (action === 'send') {
		if (!refreshToken) return new Response('Missing token', { status: 401 });
		try {
			await sendGmail(refreshToken, { to, subject, text, qr_code });
			return json({ ok: true });
		} catch (err) {
			return new Response((err as Error).message, { status: 500 });
		}
	}

	/* revoke token */
	if (action === 'revoke') {
		if (!refreshToken) return new Response('Missing token', { status: 401 });
		try {
			await getOAuthClient().revokeToken(refreshToken);
			return json({ ok: true });
		} catch (err) {
			return new Response((err as Error).message, { status: 500 });
		}
	}

	/* validate token */
	if (action === 'validate') {
		if (!refreshToken) {
			return json({ valid: false });
		}
		try {
			const oAuth2Client = getOAuthClient();
			oAuth2Client.setCredentials({ refresh_token: refreshToken });
			await oAuth2Client.getAccessToken(); // This will throw if invalid
			return json({ valid: true });
		} catch (err) {
			return json({ valid: false, error: (err as Error).message });
		}
	}

	return new Response('Bad request', { status: 400 });
};