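import { NextResponse } from "next/server";
import { env } from "@/lib/env";

/**
 * Returns the value of the named cookie from a raw `Cookie` header.
 *
 * Yields `undefined` when the header is missing, the cookie is absent, or
 * its value is empty.
 */
function readCookie(header: string | null, name: string): string | undefined {
  if (!header) return undefined;

  // Split on ";" and trim, so a header without the optional space after the
  // separator still parses.
  for (const part of header.split(";")) {
    const pair = part.trim();
    const eq = pair.indexOf("=");
    if (eq === -1 || pair.slice(0, eq) !== name) continue;

    // Cut at the FIRST "=" only: a token that itself contains "=" (base64
    // padding, for example) must not be truncated.
    const raw = pair.slice(eq + 1);
    if (!raw) return undefined;

    // response.cookies.set() percent-encodes the value it writes, so decode
    // before forwarding; otherwise a token with reserved characters reaches
    // the backend in its encoded form and fails validation.
    try {
      return decodeURIComponent(raw);
    } catch {
      return raw; // malformed escape sequence: fall back to the raw value
    }
  }
  return undefined;
}

/**
 * Exchanges the `refresh_token` cookie for a new token pair at
 * `${env.API_URL}/auth/refresh` and stores both tokens in HttpOnly cookies.
 *
 * @param req Incoming request; only its URL scheme and `Cookie` header are read.
 * @returns `{ success: true }` with the new cookies set, or a 401 JSON body
 *   when the cookie is missing, the backend rejects the token, the backend
 *   response is malformed, or the call fails.
 *
 * NOTE(review): this handler rotates session tokens on GET. SameSite=Lax
 * cookies accompany cross-site top-level GET navigations, so a third-party
 * page can trigger a rotation; consider exposing this route as POST.
 */
export async function GET(req: Request) {
  // NOTE(review): derived from req.url. Behind a TLS-terminating proxy this
  // may read "http:" and drop the Secure flag; confirm against the deployment.
  const isHttps = new URL(req.url).protocol === "https:";

  const refreshToken = readCookie(req.headers.get("cookie"), "refresh_token");
  if (!refreshToken) {
    return NextResponse.json({ message: "No refresh token" }, { status: 401 });
  }

  try {
    const res = await fetch(`${env.API_URL}/auth/refresh`, {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
      },
      body: JSON.stringify({ refresh_token: refreshToken }),
    });

    if (!res.ok) {
      throw new Error("Refresh failed");
    }

    // Validate the backend payload before trusting it: without this check a
    // missing field would be written into the cookie as the string "undefined".
    const data: unknown = await res.json();
    if (typeof data !== "object" || data === null) {
      throw new Error("Refresh failed");
    }
    const { access_token, refresh_token, expires_in } = data as Record<
      string,
      unknown
    >;
    if (
      typeof access_token !== "string" ||
      access_token.length === 0 ||
      typeof refresh_token !== "string" ||
      refresh_token.length === 0
    ) {
      throw new Error("Refresh failed");
    }

    // A non-numeric lifetime is dropped, which leaves a session cookie.
    const maxAge =
      typeof expires_in === "number" && Number.isFinite(expires_in)
        ? expires_in
        : undefined;

    const cookieOptions = {
      httpOnly: true,
      secure: isHttps,
      sameSite: "lax" as const,
      path: "/",
      ...(env.COOKIE_DOMAIN ? { domain: env.COOKIE_DOMAIN } : {}),
      maxAge,
    };

    const response = NextResponse.json({ success: true });

    // This GET response carries credentials in Set-Cookie; keep it out of
    // browser and intermediary caches.
    response.headers.set("Cache-Control", "no-store");

    response.cookies.set("access_token", access_token, cookieOptions);

    // NOTE(review): the refresh cookie reuses expires_in. If that field is
    // the access-token lifetime, both cookies expire together and no refresh
    // token is left to renew the session; confirm against the API contract.
    response.cookies.set("refresh_token", refresh_token, cookieOptions);

    return response;
  } catch {
    // Network errors, non-2xx replies and malformed payloads all collapse to
    // the same 401 so callers see one failure shape.
    return NextResponse.json({ message: "Refresh failed" }, { status: 401 });
  }
}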