import { NextRequest, NextResponse } from "next/server";
import bcrypt from "bcryptjs";
import { prisma } from "@/lib/prisma";

// GET /api/student/reset-password?token=xyz — used by the reset page on load
// to check whether the token is valid before showing the form.
export async function GET(req: NextRequest) {
  const token = req.nextUrl.searchParams.get("token");

  if (!token) {
    return NextResponse.json({ valid: false, message: "No token provided." }, { status: 400 });
  }

  const student = await prisma.students.findFirst({
    where: { reset_token: token },
  });

  if (!student) {
    return NextResponse.json({ valid: false, message: "This reset link is invalid." }, { status: 400 });
  }

  if (student.reset_token_expiry && new Date(student.reset_token_expiry) < new Date()) {
    return NextResponse.json({ valid: false, message: "This reset link has expired." }, { status: 400 });
  }

  return NextResponse.json({ valid: true });
}

// POST /api/student/reset-password — { token, password } sets the new password
export async function POST(req: NextRequest) {
  try {
    const body = await req.json();
    const { token, password } = body as { token?: string; password?: string };

    if (!token) {
      return NextResponse.json({ success: false, message: "No token provided." }, { status: 400 });
    }
    if (!password || password.length < 8) {
      return NextResponse.json(
        { success: false, message: "Password must be at least 8 characters." },
        { status: 400 }
      );
    }

    const student = await prisma.students.findFirst({ where: { reset_token: token } });

    if (!student) {
      return NextResponse.json({ success: false, message: "This reset link is invalid." }, { status: 400 });
    }

    if (student.reset_token_expiry && new Date(student.reset_token_expiry) < new Date()) {
      return NextResponse.json({ success: false, message: "This reset link has expired." }, { status: 400 });
    }

    const hashedPassword = await bcrypt.hash(password, 10);

    await prisma.students.update({
      where: { id: student.id },
      data: {
        password: hashedPassword,
        reset_token: null,
        reset_token_expiry: null,
      },
    });

    return NextResponse.json({ success: true, message: "Password reset successfully." });
  } catch (error) {
    console.error("Reset Password Error:", error);
    return NextResponse.json({ success: false, message: "Something went wrong." }, { status: 500 });
  }
}