import { NextRequest, NextResponse } from 'next/server'
import { db } from '@/lib/db'
import { requireAuth } from '@/lib/api-auth'
import { writeFile, mkdir } from 'fs/promises'
import path from 'path'

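/** Largest accepted photo, in bytes (5 MB). */
const MAX_PHOTO_BYTES = 5 * 1024 * 1024

/** Maximum number of photos that may be attached to one review. */
const MAX_PHOTOS_PER_REVIEW = 3

/**
 * Accepted image MIME types and the file extension stored on disk for each.
 * A Map is used so lookups with an attacker-chosen key cannot hit
 * Object.prototype members.
 */
const PHOTO_EXTENSION_BY_MIME = new Map<string, string>([
  ['image/jpeg', 'jpg'],
  ['image/png', 'png'],
  ['image/webp', 'webp'],
  ['image/gif', 'gif'],
])

/**
 * Identifies an image format from its leading signature bytes.
 *
 * @param data Raw uploaded bytes.
 * @returns The matching MIME type, or null when the bytes do not start with
 *   a JPEG, PNG, GIF or WebP signature.
 */
function sniffImageType(data: Buffer): string | null {
  if (data.length >= 3 && data[0] === 0xff && data[1] === 0xd8 && data[2] === 0xff) {
    return 'image/jpeg'
  }
  const pngSignature = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a])
  if (data.length >= 8 && data.subarray(0, 8).equals(pngSignature)) {
    return 'image/png'
  }
  if (data.length >= 6) {
    const header = data.toString('latin1', 0, 6)
    if (header === 'GIF87a' || header === 'GIF89a') return 'image/gif'
  }
  if (
    data.length >= 12 &&
    data.toString('latin1', 0, 4) === 'RIFF' &&
    data.toString('latin1', 8, 12) === 'WEBP'
  ) {
    return 'image/webp'
  }
  return null
}

/**
 * Uploads one photo for a review owned by the authenticated customer.
 *
 * Flow: authenticate as CUSTOMER, confirm the review exists and belongs to
 * the caller, enforce the per-review photo limit, validate the multipart
 * `photo` field, write the bytes under `public/uploads/reviews/<reviewId>/`
 * and create the `reviewPhoto` row.
 *
 * Security notes:
 * - The stored extension is derived from the validated MIME type, never from
 *   the client-supplied file name. Anything written below `public/` is served
 *   back to browsers, so a name-derived extension would let a caller pick how
 *   the file is interpreted and could smuggle path separators into the path.
 * - The declared MIME type is client-controlled, so the leading bytes must
 *   also match the declared format.
 *
 * @param request Incoming request carrying multipart form data.
 * @param params Route parameters; `id` is the review id.
 * @returns 201 with `{ photo }` on success; 400 for an invalid upload or when
 *   the photo limit is reached; 403 when the review belongs to another
 *   customer; 404 when the review does not exist; 500 on unexpected errors;
 *   or the error response produced by `requireAuth`.
 */
export async function POST(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    const authResult = await requireAuth(['CUSTOMER'])(request)
    if ('error' in authResult) return authResult.error

    const { user } = authResult
    const { id: reviewId } = await params

    // Verify the review exists (not soft-deleted) and belongs to this customer.
    const review = await db.review.findFirst({ where: { id: reviewId, deletedAt: null } })
    if (!review) {
      return NextResponse.json(
        { error: 'Reseña no encontrada' },
        { status: 404 }
      )
    }
    if (review.customerId !== user.id) {
      return NextResponse.json(
        { error: 'Acceso denegado' },
        { status: 403 }
      )
    }

    // NOTE(review): count-then-create is not atomic, so concurrent uploads for
    // the same review can exceed the limit; a transaction or a database
    // constraint would be needed to enforce it strictly.
    const photoCount = await db.reviewPhoto.count({ where: { reviewId } })
    if (photoCount >= MAX_PHOTOS_PER_REVIEW) {
      return NextResponse.json(
        { error: 'Máximo 3 fotos por reseña' },
        { status: 400 }
      )
    }

    const formData = await request.formData()
    const file = formData.get('photo')

    // A form field can also be a plain string; only a real file part is accepted.
    if (!file || typeof file === 'string') {
      return NextResponse.json(
        { error: 'No se proporcionó archivo' },
        { status: 400 }
      )
    }

    // NOTE(review): this limit is checked after request.formData() has already
    // parsed the body; a request-size limit in front of this handler is
    // presumably still needed — confirm the deployment enforces one.
    if (file.size > MAX_PHOTO_BYTES) {
      return NextResponse.json(
        { error: 'El archivo no debe superar 5MB' },
        { status: 400 }
      )
    }

    // The declared type must be on the allowlist AND the content must carry
    // the matching signature; file.type alone is whatever the client sent.
    const ext = PHOTO_EXTENSION_BY_MIME.get(file.type)
    const buffer = Buffer.from(await file.arrayBuffer())
    if (!ext || sniffImageType(buffer) !== file.type) {
      return NextResponse.json(
        { error: 'Solo se permiten imágenes (JPEG, PNG, WebP, GIF)' },
        { status: 400 }
      )
    }

    // The file name is built only from server-generated parts plus the
    // allowlisted extension. reviewId matched an existing row above; this
    // assumes ids are server-generated and contain no path separators — confirm.
    const filename = `${Date.now()}-${Math.random().toString(36).substring(2, 8)}.${ext}`
    const uploadDir = path.join(process.cwd(), 'public', 'uploads', 'reviews', reviewId)
    const filePath = path.join(uploadDir, filename)

    // Create the directory if it doesn't exist.
    await mkdir(uploadDir, { recursive: true })
    await writeFile(filePath, buffer)

    const storageKey = `/uploads/reviews/${reviewId}/${filename}`

    // file.name is kept for display only; it is untrusted client input and
    // must be escaped wherever it is rendered.
    const photo = await db.reviewPhoto.create({
      data: {
        reviewId,
        storageKey,
        fileName: file.name,
        sizeBytes: file.size,
      },
    })

    return NextResponse.json({ photo }, { status: 201 })
  } catch (error) {
    console.error('Error al subir foto:', error)
    return NextResponse.json(
      { error: 'Error interno del servidor' },
      { status: 500 }
    )
  }
}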

/**
 * Lists the photos attached to a review, oldest upload first.
 *
 * Any authenticated role may call this route, but a CUSTOMER only sees
 * photos of reviews they own.
 *
 * @param request Incoming request used for authentication.
 * @param params Route parameters; `id` is the review id.
 * @returns 200 with `{ photos }`; 403 when a customer asks for another
 *   customer's review; 404 when the review does not exist; 500 on unexpected
 *   errors; or the error response produced by `requireAuth`.
 */
export async function GET(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
) {
  // Builds the JSON error body shared by every failure path of this handler.
  const fail = (message: string, status: number) =>
    NextResponse.json({ error: message }, { status })

  try {
    const auth = await requireAuth()(request)
    if ('error' in auth) {
      return auth.error
    }

    const viewer = auth.user
    const reviewId = (await params).id

    // Soft-deleted reviews are treated as missing.
    const review = await db.review.findFirst({
      where: { id: reviewId, deletedAt: null },
    })
    if (!review) {
      return fail('Reseña no encontrada', 404)
    }

    // A CUSTOMER may only see photos of their own reviews.
    const ownsReview = review.customerId === user_id(viewer)
    if (viewer.role === 'CUSTOMER' && !ownsReview) {
      return fail('Acceso denegado', 403)
    }

    const photos = await db.reviewPhoto.findMany({
      where: { reviewId },
      orderBy: { uploadedAt: 'asc' },
    })

    return NextResponse.json({ photos })
  } catch (error) {
    console.error('Error al obtener fotos:', error)
    return fail('Error interno del servidor', 500)
  }

  // Reads the id of the authenticated user.
  function user_id(account: { id: typeof undefined extends never ? never : any }) {
    return account.id
  }
}
