import { NextRequest, NextResponse } from 'next/server';
import { db } from '@/lib/db';
import { cookies } from 'next/headers';

export async function POST(req: NextRequest) {
    try {
        const { identifier, apiKey } = await req.json();

        if (!identifier || !apiKey) {
            return NextResponse.json({ error: 'Eksik bilgi.' }, { status: 400 });
        }

        // 1. Resolve merchant by ID or short_id
        const isUUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(identifier);
        
        const queryText = isUUID 
            ? 'SELECT * FROM merchants WHERE id = $1 LIMIT 1'
            : 'SELECT * FROM merchants WHERE short_id = $1 LIMIT 1';
        
        const result = await db.query(queryText, [identifier]);
        const merchant = result.rows[0];

        if (!merchant) {
            return NextResponse.json({ error: 'Firma bulunamadı.' }, { status: 404 });
        }

        // 2. Verify API Key
        if (merchant.api_key !== apiKey) {
            return NextResponse.json({ error: 'Geçersiz anahtar.' }, { status: 401 });
        }

        // 3. Set Auth Cookie (simplified for now)
        // Store the merchant ID in a cookie
        const cookieStore = await cookies();
        cookieStore.set(`merchant_auth_${merchant.id}`, 'true', {
            httpOnly: true,
            secure: process.env.NODE_ENV === 'production',
            maxAge: 60 * 60 * 24, // 24 hours
            path: '/',
        });

        // Also set a temporary short_id link if needed
        if (merchant.short_id) {
            cookieStore.set(`merchant_auth_${merchant.short_id}`, 'true', {
                httpOnly: true,
                maxAge: 60 * 60 * 24,
                path: '/',
            });
        }

        return NextResponse.json({ success: true });
    } catch (err: any) {
        return NextResponse.json({ error: err.message }, { status: 500 });
    }
}