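"use server";

import { cookies } from "next/headers";
import { redirect } from "next/navigation";
import { account, AppwriteError } from "@/lib/appwrite-rest";
import { SESSION_COOKIE } from "@/lib/auth";

/** State handed back to the login form; `error` is a message safe to show to the user. */
export type LoginState = { error?: string };

// Fallback shown whenever a failure has no dedicated, user-facing wording.
const GENERIC_LOGIN_ERROR = "Giriş başarısız";

/**
 * Reads a form field as text.
 *
 * `FormData.get` can return a `File` (or `null`); anything that is not a string
 * is treated as missing instead of being coerced to "[object File]".
 */
function textField(formData: FormData, name: string): string {
  const value = formData.get(name);
  return typeof value === "string" ? value : "";
}

/**
 * Maps a login failure to a message that can be shown on the login page.
 *
 * Only the error types listed here get specific wording. Everything else
 * collapses to a generic message: raw backend or runtime error text is never
 * echoed to an unauthenticated caller, it is only noted in the server log.
 *
 * @param err - whatever `createEmailPasswordSession` threw
 * @returns a user-facing message
 */
function friendly(err: unknown): string {
  if (err instanceof AppwriteError) {
    switch (err.type) {
      case "user_invalid_credentials":
        return "E-posta veya şifre hatalı.";
      case "user_blocked":
        // NOTE(review): this wording tells the caller the account exists and is
        // blocked — confirm that disclosure is intended.
        return "Hesabınız engellenmiş.";
      case "general_rate_limit_exceeded":
        return "Çok fazla deneme. Birkaç dakika sonra tekrar deneyin.";
      default:
        // Log the type only; the message stays out of the response.
        console.error("login: unmapped Appwrite error type:", err.type);
        return GENERIC_LOGIN_ERROR;
    }
  }
  console.error(
    "login: unexpected error:",
    err instanceof Error ? err.name : typeof err,
  );
  return GENERIC_LOGIN_ERROR;
}

/**
 * Server action for the login form.
 *
 * Creates an email/password session, stores the session secret in the
 * `SESSION_COOKIE` cookie and redirects to `/admin`.
 *
 * @param _prev - previous form state; unused (presumably present because the
 *   form-state hook passes it as the first argument)
 * @param formData - submitted form; reads the `email` and `password` fields
 * @returns a `LoginState` carrying an error message when login fails; on
 *   success control leaves through `redirect`
 */
export async function loginAction(
  _prev: LoginState | undefined,
  formData: FormData,
): Promise<LoginState> {
  const email = textField(formData, "email").trim();
  // The password is deliberately not trimmed: whitespace may be part of it.
  const password = textField(formData, "password");
  if (!email || !password) return { error: "E-posta ve şifre zorunlu" };

  let session: Awaited<ReturnType<typeof account.createEmailPasswordSession>>;
  try {
    session = await account.createEmailPasswordSession(email, password);
  } catch (err: unknown) {
    return { error: friendly(err) };
  }

  const store = await cookies();
  store.set(SESSION_COOKIE, session.secret, {
    // Keeps the session secret out of reach of client-side script.
    httpOnly: true,
    sameSite: "lax",
    // Plain HTTP is tolerated only outside production builds.
    secure: process.env.NODE_ENV === "production",
    path: "/",
    // The cookie lifetime follows the expiry reported for the session.
    expires: new Date(session.expire),
  });

  // redirect() signals by throwing, so it stays outside the try/catch above.
  redirect("/admin");
}

/**
 * Server action that ends the current session.
 *
 * Attempts to delete the backend session for the secret held in the cookie,
 * then clears the cookie and redirects to `/admin/login`. Backend deletion is
 * best effort: a failure does not stop the cookie from being cleared.
 */
export async function logoutAction(): Promise<void> {
  const store = await cookies();
  const secret = store.get(SESSION_COOKIE)?.value;
  if (secret) {
    try {
      await account.deleteSession("current", secret);
    } catch (err: unknown) {
      // Still clear the cookie, but leave a trace: when this call fails the
      // secret may remain valid on the backend until the session expires.
      // The secret itself is never logged.
      console.warn(
        "logout: backend session deletion failed:",
        err instanceof AppwriteError
          ? err.type
          : err instanceof Error
            ? err.name
            : typeof err,
      );
    }
  }
  store.delete(SESSION_COOKIE);
  redirect("/admin/login");
}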