import { NextResponse } from "next/server"
import { prisma } from "@/server/db"
import { requireStaff } from "@/server/auth"
import { verifyDomain, viewDomains } from "@/server/smtp2go"

type DomainVerifyResult = {
  dkim_verified?: boolean
  dkim_selector?: string
  dkim_expected?: string
  rpath_verified?: boolean
  rpath_selector?: string
  rpath_expected?: string
}

export async function GET(req: Request) {
  try {
    await requireStaff()
  } catch (e: unknown) {
    const msg = e instanceof Error ? e.message : String(e ?? "")
    console.warn("admin/subaccounts/domain-verify: unauthorized access attempt", msg)
    return NextResponse.json({ error: "UNAUTHORIZED" }, { status: 401 })
  }

  const url = new URL(req.url)
  const subaccountId = String(url.searchParams.get("subaccountId") ?? "").trim()
  if (!subaccountId) {
    return NextResponse.json({ error: "MISSING_SUBACCOUNT_ID" }, { status: 400 })
  }

  const meta = await prisma.subaccountMeta.findUnique({
    where: { subaccountId },
    select: { domain: true },
  })
  let domain = meta?.domain?.trim()
  if (!domain) {
    try {
      const view = (await viewDomains({ subaccount_id: subaccountId })) as {
        domains?: Array<{ domain?: { fulldomain?: string } }>
      }
      const fetched = String(view?.domains?.[0]?.domain?.fulldomain ?? "").trim()
      if (fetched) {
        domain = fetched
        await prisma.subaccountMeta.upsert({
          where: { subaccountId },
          update: { domain },
          create: { subaccountId, domain },
        })
      }
    } catch {
      // ignore and keep fallback below
    }
  }
  if (!domain) {
    return NextResponse.json({ error: "MISSING_DOMAIN" }, { status: 404 })
  }

  try {
    const res = (await verifyDomain({ domain, subaccount_id: subaccountId })) as {
      domains?: Array<{
        domain?: {
          dkim_verified?: boolean
          dkim_selector?: string
          dkim_expected?: string
          rpath_verified?: boolean
          rpath_selector?: string
          rpath_expected?: string
        }
      }>
    }
    const entry = res?.domains?.[0]?.domain ?? {}
    const payload: DomainVerifyResult = {
      dkim_verified: Boolean(entry?.dkim_verified),
      dkim_selector: entry?.dkim_selector,
      dkim_expected: entry?.dkim_expected,
      rpath_verified: Boolean(entry?.rpath_verified),
      rpath_selector: entry?.rpath_selector,
      rpath_expected: entry?.rpath_expected,
    }
    await prisma.subaccountMeta.update({
      where: { subaccountId },
      data: {
        dkimVerified: payload.dkim_verified ?? null,
        rpathVerified: payload.rpath_verified ?? null,
        dkimSelector: payload.dkim_selector ?? null,
        rpathSelector: payload.rpath_selector ?? null,
        domainCheckedAt: new Date(),
      },
    })
    return NextResponse.json({ domain, ...payload })
  } catch (e: unknown) {
    const msg = e instanceof Error ? e.message : String(e ?? "Erro ao verificar domínio")
    return NextResponse.json({ error: msg }, { status: 502 })
  }
}