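import { getServerSession } from "next-auth/next";
import { authOptions } from "@/app/api/auth/[...nextauth]/route";
import { NextResponse } from "next/server";

/**
 * Minimal view of a Keycloak realm role as this route uses it. Only `name`
 * is read here; whatever other fields Keycloak returns are kept on the
 * object at runtime and sent back unchanged in role-mapping requests.
 */
interface RealmRole {
  name: string;
}

/** Builds a Keycloak Admin REST URL under the configured realm. */
function realmAdminUrl(path: string): string {
  return `${process.env.KEYCLOAK_BASE_URL}/admin/realms/${process.env.KEYCLOAK_REALM}${path}`;
}

/**
 * Reads an upstream error body for logging without assuming it is JSON, so a
 * non-JSON error page from Keycloak does not turn into an unrelated 500.
 */
async function readErrorBody(response: Response): Promise<unknown> {
  const text = await response.text().catch(() => "");
  try {
    return JSON.parse(text);
  } catch {
    return text;
  }
}

/**
 * Obtains a service-account access token from Keycloak using the
 * client-credentials grant.
 *
 * @returns The access token, or `null` when configuration is incomplete or
 *          the token request fails (the cause is logged server-side).
 */
async function getAdminToken(): Promise<string | null> {
  const {
    KEYCLOAK_BASE_URL,
    KEYCLOAK_REALM,
    KEYCLOAK_CLIENT_ID,
    KEYCLOAK_CLIENT_SECRET,
  } = process.env;

  // Without this guard a missing variable is sent as the literal "undefined".
  if (!KEYCLOAK_BASE_URL || !KEYCLOAK_REALM || !KEYCLOAK_CLIENT_ID || !KEYCLOAK_CLIENT_SECRET) {
    console.error('Token Error:', 'Keycloak configuration is incomplete');
    return null;
  }

  try {
    const tokenResponse = await fetch(
      `${KEYCLOAK_BASE_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token`,
      {
        method: 'POST',
        headers: {
          'Content-Type': 'application/x-www-form-urlencoded',
        },
        body: new URLSearchParams({
          grant_type: 'client_credentials',
          client_id: KEYCLOAK_CLIENT_ID,
          client_secret: KEYCLOAK_CLIENT_SECRET,
        }),
      }
    );

    const data = await tokenResponse.json();

    if (!tokenResponse.ok || !data.access_token) {
      // Log the OAuth error fields only, never the whole token response.
      console.error('Token Error:', {
        status: tokenResponse.status,
        error: data?.error,
        error_description: data?.error_description,
      });
      return null;
    }

    return data.access_token;
  } catch (error) {
    console.error('Token Error:', error);
    return null;
  }
}

/**
 * Replaces the realm-role mappings of a Keycloak user with the role names
 * given in the request body (`{ roles: string[] }`).
 *
 * Responds 401 without a session or admin token, 400 for a malformed request
 * or an unknown role name, the upstream status when a Keycloak call fails,
 * and 500 (generic message) for anything unexpected.
 */
export async function PUT(
  req: Request,
  { params }: { params: { userId: string } }
) {
  const session = await getServerSession(authOptions);

  if (!session) {
    return NextResponse.json({ error: "Non autorisé" }, { status: 401 });
  }

  // NOTE(review): only authentication is checked above. Nothing in this file
  // restricts the caller to administrators, and every Keycloak call below runs
  // under the service account's token rather than the caller's own. Unless a
  // middleware outside this file enforces it, any signed-in user can rewrite
  // any user's realm roles, including their own. Add a role/permission check
  // on `session` here; the session shape comes from authOptions, which is not
  // visible from this file.

  const userId = params.userId;
  if (typeof userId !== "string" || userId.trim() === "") {
    return NextResponse.json({ error: "Identifiant utilisateur invalide" }, { status: 400 });
  }

  try {
    let body: unknown;
    try {
      body = await req.json();
    } catch {
      return NextResponse.json({ error: "Corps de requête invalide" }, { status: 400 });
    }

    // The body is caller-controlled: require an array of strings before use.
    const roles = (body as { roles?: unknown } | null)?.roles;
    if (!Array.isArray(roles) || !roles.every((entry) => typeof entry === "string")) {
      return NextResponse.json({ error: "Liste de rôles invalide" }, { status: 400 });
    }
    const requestedNames: string[] = [...new Set<string>(roles)];

    const token = await getAdminToken();
    if (!token) {
      return NextResponse.json({ error: "Erreur d'authentification" }, { status: 401 });
    }
    const authHeader = { Authorization: `Bearer ${token}` };

    // Fetch every realm role so requested names can be resolved to role objects.
    const rolesResponse = await fetch(realmAdminUrl("/roles"), { headers: authHeader });

    if (!rolesResponse.ok) {
      console.error("Failed to fetch roles:", await readErrorBody(rolesResponse));
      return NextResponse.json(
        { error: "Erreur lors de la récupération des rôles" },
        { status: rolesResponse.status }
      );
    }

    const availableRoles: RealmRole[] = await rolesResponse.json();
    const roleByName = new Map<string, RealmRole>();
    for (const role of availableRoles) {
      roleByName.set(role.name, role);
    }

    // An unknown role name is a client error, not a server fault.
    const roleObjects: RealmRole[] = [];
    for (const roleName of requestedNames) {
      const role = roleByName.get(roleName);
      if (!role) {
        return NextResponse.json(
          { error: `Role ${roleName} not found in Keycloak` },
          { status: 400 }
        );
      }
      roleObjects.push(role);
    }

    // The id is encoded so it cannot add path segments or a query string to
    // the Admin API URL.
    const mappingsUrl = realmAdminUrl(
      `/users/${encodeURIComponent(userId)}/role-mappings/realm`
    );

    const currentMappingsResponse = await fetch(mappingsUrl, { headers: authHeader });

    if (!currentMappingsResponse.ok) {
      console.error(
        "Failed to fetch current role mappings:",
        await readErrorBody(currentMappingsResponse)
      );
      return NextResponse.json(
        { error: "Erreur lors de la récupération des rôles actuels" },
        { status: currentMappingsResponse.status }
      );
    }

    const currentMappings: RealmRole[] = await currentMappingsResponse.json();

    // Apply only the difference. The end state is still exactly the requested
    // set, but roles that stay are never dropped, so a failure partway through
    // can no longer leave the user with no roles at all. Removal still runs
    // first, so a partial failure leaves fewer privileges, not more.
    const wantedNames = new Set(requestedNames);
    const heldNames = new Set(currentMappings.map((role) => role.name));
    const rolesToRemove = currentMappings.filter((role) => !wantedNames.has(role.name));
    const rolesToAdd = roleObjects.filter((role) => !heldNames.has(role.name));

    if (rolesToRemove.length > 0) {
      const deleteResponse = await fetch(mappingsUrl, {
        method: 'DELETE',
        headers: { ...authHeader, 'Content-Type': 'application/json' },
        body: JSON.stringify(rolesToRemove),
      });

      if (!deleteResponse.ok) {
        console.error("Failed to remove current roles:", await readErrorBody(deleteResponse));
        return NextResponse.json(
          { error: "Erreur lors de la suppression des rôles actuels" },
          { status: deleteResponse.status }
        );
      }
    }

    if (rolesToAdd.length > 0) {
      const addResponse = await fetch(mappingsUrl, {
        method: 'POST',
        headers: { ...authHeader, 'Content-Type': 'application/json' },
        body: JSON.stringify(rolesToAdd),
      });

      if (!addResponse.ok) {
        console.error("Failed to add new roles:", await readErrorBody(addResponse));
        return NextResponse.json(
          { error: "Erreur lors de l'ajout des nouveaux rôles" },
          { status: addResponse.status }
        );
      }
    }

    return NextResponse.json({ success: true, roles });
  } catch (error) {
    // Details stay in the server log; the client gets a generic message so
    // internal error text is not disclosed.
    console.error("Error in update roles:", error);
    return NextResponse.json({ error: "Une erreur est survenue" }, { status: 500 });
  }
}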