import { NextRequest, NextResponse } from 'next/server';
import { createClient, getSupabaseAdmin } from '@/lib/supabase/server';
import { checkRateLimit, getClientIP, createRateLimitResponse } from '@/lib/rate-limit';
import type { FeedbackCreateInput } from '@/lib/types/feedback';

const VALID_CATEGORIES = ['bug', 'feature', 'complaint', 'praise', 'question', 'other'];
const VALID_SEVERITIES = ['critical', 'high', 'medium', 'low'];

// Rate limit: 10 feedback submissions per 15 minutes
const FEEDBACK_RATE_LIMIT = 10;
const FEEDBACK_WINDOW_MS = 15 * 60 * 1000;

/**
 * POST /api/feedback - Create new feedback
 */
export async function POST(request: NextRequest) {
  try {
    const clientIP = getClientIP(request);
    const rateLimit = await checkRateLimit(`feedback:${clientIP}`, FEEDBACK_RATE_LIMIT, FEEDBACK_WINDOW_MS);
    if (!rateLimit.allowed) {
      const retryAfter = Math.ceil((rateLimit.resetTime - Date.now()) / 1000);
      return createRateLimitResponse(clientIP, retryAfter);
    }

    const supabase = await createClient();
    const { data: { user } } = await supabase.auth.getUser();

    if (!user) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    const body: FeedbackCreateInput = await request.json();

    // Validate required fields
    if (!body.title?.trim() || !body.description?.trim()) {
      return NextResponse.json(
        { error: 'Title and description are required' },
        { status: 400 }
      );
    }

    if (!body.category || !VALID_CATEGORIES.includes(body.category)) {
      return NextResponse.json(
        { error: 'Invalid category' },
        { status: 400 }
      );
    }

    if (body.severity && !VALID_SEVERITIES.includes(body.severity)) {
      return NextResponse.json(
        { error: 'Invalid severity' },
        { status: 400 }
      );
    }

    // Get user profile for context
    const { data: profile } = await supabase
      .from('profiles')
      .select('name, email, type')
      .eq('id', user.id)
      .single();

    const { data, error } = await supabase
      .from('feedback')
      .insert({
        user_id: user.id,
        user_type: profile?.type || null,
        user_name: profile?.name || null,
        user_email: profile?.email || user.email || null,
        category: body.category,
        severity: body.severity || 'medium',
        title: body.title.trim().slice(0, 200),
        description: body.description.trim().slice(0, 5000),
        page_url: body.page_url?.slice(0, 500) || null,
      })
      .select()
      .single();

    if (error) {
      console.error('Feedback insert error:', error);
      return NextResponse.json(
        { error: 'Failed to submit feedback' },
        { status: 500 }
      );
    }

    return NextResponse.json({ data }, { status: 201 });
  } catch (err) {
    console.error('Feedback API error:', err);
    return NextResponse.json(
      { error: 'Internal server error' },
      { status: 500 }
    );
  }
}

/**
 * GET /api/feedback - List feedback (admin only via CEO PIN header)
 */
export async function GET(request: NextRequest) {
  try {
    const pin = request.headers.get('x-ceo-pin');
    if (pin !== '5050') {
      // Regular user: return their own feedback only
      const supabase = await createClient();
      const { data: { user } } = await supabase.auth.getUser();

      if (!user) {
        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
      }

      const { data, error } = await supabase
        .from('feedback')
        .select('*')
        .eq('user_id', user.id)
        .order('created_at', { ascending: false });

      if (error) {
        return NextResponse.json({ error: 'Failed to fetch feedback' }, { status: 500 });
      }

      return NextResponse.json({ data });
    }

    // Admin: return all feedback with filters
    const serviceClient = getSupabaseAdmin();
    const url = new URL(request.url);
    const status = url.searchParams.get('status');
    const severity = url.searchParams.get('severity');
    const category = url.searchParams.get('category');
    const limit = parseInt(url.searchParams.get('limit') || '50');

    let query = serviceClient
      .from('feedback')
      .select('*')
      .order('created_at', { ascending: false })
      .limit(Math.min(limit, 100));

    if (status) query = query.eq('status', status);
    if (severity) query = query.eq('severity', severity);
    if (category) query = query.eq('category', category);

    const { data, error } = await query;

    if (error) {
      console.error('Admin feedback fetch error:', error);
      return NextResponse.json({ error: 'Failed to fetch feedback' }, { status: 500 });
    }

    return NextResponse.json({ data });
  } catch (err) {
    console.error('Feedback GET error:', err);
    return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
  }
}
