import { validateSession } from '@/lib/auth/validateSession';
import { supabaseServiceRole } from '@/lib/supabase';
import type { APIRoute } from 'astro';

// GET handler: returns a short-lived signed URL for a photo owned by the caller.
export const GET: APIRoute = async ({ request }) => {
  const headers = { 'Content-Type': 'application/json' };

  // Authenticate the caller from the Authorization header.
  const session = await validateSession(request.headers.get('Authorization'));
  if (!session.valid) {
    return new Response(JSON.stringify({ success: false, message: session.error }), {
      status: 401,
      headers,
    });
  }

  // The service-role client may be unset (e.g. missing configuration).
  if (!supabaseServiceRole) {
    return new Response(JSON.stringify({ success: false, message: 'Service unavailable' }), {
      status: 503,
      headers,
    });
  }

  try {
    const url = new URL(request.url);
    const path = url.searchParams.get('path');
    if (!path) {
      return new Response(JSON.stringify({ success: false, message: 'path required' }), {
        status: 400,
        headers,
      });
    }

    // Ownership check: the first path segment must be the caller's profile ID.
    // The signing call below uses the service-role client, so this comparison
    // is the access control for the requested object.
    const pathProfileId = path.split('/')[0];
    if (pathProfileId !== session.profileId) {
      return new Response(JSON.stringify({ success: false, message: 'Unauthorized' }), {
        status: 403,
        headers,
      });
    }

    // Create a signed URL that expires after 300 seconds.
    const { data, error } = await supabaseServiceRole.storage
      .from('user_camera_photos')
      .createSignedUrl(path, 300);

    if (error || !data) {
      return new Response(
        JSON.stringify({
          success: false,
          message: error?.message || 'Failed to create signed URL',
        }),
        { status: 500, headers }
      );
    }

    return new Response(JSON.stringify({ success: true, signedUrl: data.signedUrl }), {
      status: 200,
      headers,
    });
  } catch {
    // Unexpected failures return a generic message with no internal detail.
    return new Response(JSON.stringify({ success: false, message: 'Internal server error' }), {
      status: 500,
      headers,
    });
  }
};