// app/api/account/route.ts
export const runtime = "nodejs";

import { NextResponse } from "next/server";
import { requireBearer } from "@/app/api/_lib/auth";

const API = (process.env.NEXT_PUBLIC_API_BASE_URL || "").replace(/\/$/, "");

const bad = (m: string, c = 400) => NextResponse.json({ error: m }, { status: c });

/**
 * GET: return current user's profile
 * shape: { ok: true, user: {...} } or { error }
 */
export async function GET() {
    try {
        const bearer = requireBearer(); // reads cookie from NextRequest internally
        const fields =
        "id,username,first_name,last_name,email,location,avatar.id,avatar.filename_download";

const res = await fetch(`${API}/users/me?fields=${encodeURIComponent(fields)}`, {
    headers: { Authorization: bearer },
    cache: "no-store",
});

const j = await res.json().catch(() => ({}));

if (!res.ok) {
    // propagate Directus status (401, 403, etc) instead of throwing
    const msg = j?.errors?.[0]?.message || "Failed to load profile";
    return NextResponse.json({ error: msg }, { status: res.status });
}

return NextResponse.json({ ok: true, user: j?.data ?? j });
    } catch (e: any) {
        // if requireBearer threw due to missing cookie, present 401 cleanly
        const status = e?.status === 401 ? 401 : e?.status || 500;
        return bad(e?.message || "Unexpected error", status);
    }
}

/**
 * PATCH: update current user's editable fields
 * accepts any subset of: first_name, last_name, email (optional), location, avatar
 */
export async function PATCH(req: Request) {
    try {
        const bearer = requireBearer(req);
        const body = await req.json().catch(() => ({}));

        const payload: Record<string, any> = {};
        if (typeof body.first_name === "string") payload.first_name = body.first_name.trim();
        if (typeof body.last_name === "string")  payload.last_name  = body.last_name.trim();
        if ("email" in body) {
            const e = String(body.email ?? "").trim();
            payload.email = e ? e : null; // email optional; blank clears
        }
        if (typeof body.location === "string")   payload.location   = body.location.trim();
        if (typeof body.avatar === "string")     payload.avatar     = body.avatar; // file id

        if (!Object.keys(payload).length) return bad("No changes");

        const res = await fetch(`${API}/users/me`, {
            method: "PATCH",
            headers: { Authorization: bearer, "Content-Type": "application/json" },
            body: JSON.stringify(payload),
        });

        const j = await res.json().catch(() => ({}));

        if (!res.ok) {
            const msg = j?.errors?.[0]?.message || "Update failed";
            return NextResponse.json({ error: msg }, { status: res.status });
        }

        return NextResponse.json({ ok: true });
    } catch (e: any) {
        const status = e?.status === 401 ? 401 : e?.status || 500;
        return bad(e?.message || "Unexpected error", status);
    }
}