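/**
 * Netlify Function: User Roles
 *
 * Thin proxy in front of the Supabase REST endpoint for the `user_roles` table.
 *
 * GET    /rest/v1/user_roles - list user roles
 * POST   /rest/v1/user_roles - add a role to a user
 * DELETE /rest/v1/user_roles - remove a role from a user
 *
 * Security notes:
 * - The function only checks that an Authorization header is present. It never
 *   validates the token or the caller's privileges; the header is forwarded
 *   unchanged, so who may read, grant or revoke roles is decided upstream.
 *   NOTE(review): confirm that row-level security on `user_roles` restricts
 *   INSERT/DELETE to administrators; this code performs no such check itself.
 * - Caller-supplied values are percent-encoded before being placed in the
 *   upstream query string, so a value cannot add or truncate filters.
 */
import type { Handler, HandlerEvent } from "@netlify/functions";

// Project endpoint and API key are hardcoded. The key's JWT payload carries
// role "anon", i.e. it grants nothing beyond what the anonymous role may do.
// NOTE(review): consider reading both from the environment so the function is
// not tied to a single project and the key can be rotated without a redeploy.
const SUPABASE_URL = "https://yuanqfswhberkoevtmfr.supabase.co";
const SUPABASE_ANON_KEY =
  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Inl1YW5xZnN3aGJlcmtvZXZ0bWZyIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NTQ5NTQzNjksImV4cCI6MjA3MDUzMDM2OX0.g8Fm4XAvtX46zifBZnYVH4tVuQkqUH6Ia9CXQj4DztQ";

/**
 * Dispatches on the HTTP method and relays the request to the upstream
 * `user_roles` endpoint, returning the upstream status code to the caller.
 *
 * @param event - Netlify invocation event (method, headers, query string, body).
 * @returns A response object with `statusCode`, CORS `headers` and a JSON `body`
 *          (empty body for the OPTIONS preflight).
 */
export const handler: Handler = async (event: HandlerEvent) => {
  // NOTE(review): wildcard origin means any site can call this endpoint from a
  // browser with a token it holds; restrict to the application's origin if the
  // API is not meant to be public.
  const headers = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Headers": "Content-Type, Authorization",
    "Access-Control-Allow-Methods": "GET, POST, DELETE, OPTIONS",
  };
  const jsonHeaders = { ...headers, "Content-Type": "application/json" };

  // CORS preflight: answer before any authentication check.
  if (event.httpMethod === "OPTIONS") {
    return { statusCode: 200, headers, body: "" };
  }

  try {
    // Header names may arrive in either casing depending on the runtime.
    const authHeader =
      event.headers.authorization || event.headers.Authorization;

    if (!authHeader) {
      return {
        statusCode: 401,
        headers,
        body: JSON.stringify({ error: "Token não fornecido" }),
      };
    }

    if (event.httpMethod === "GET") {
      let url = `${SUPABASE_URL}/rest/v1/user_roles?select=*`;

      // Caller-supplied query parameters are forwarded as upstream filters.
      // URLSearchParams re-encodes every key and value. The caller can still
      // pass its own `select`/filter keys; what it may read is bounded only by
      // the forwarded token.
      if (event.queryStringParameters) {
        const forwarded = new URLSearchParams(
          event.queryStringParameters as Record<string, string>
        ).toString();
        if (forwarded) {
          url += `&${forwarded}`;
        }
      }

      const response = await fetch(url, {
        method: "GET",
        headers: {
          apikey: SUPABASE_ANON_KEY,
          Authorization: authHeader,
        },
      });

      const data = await response.json();

      return {
        statusCode: response.status,
        headers: jsonHeaders,
        body: JSON.stringify(data),
      };
    }

    if (event.httpMethod === "POST") {
      // Add a new role to a user.
      // Malformed JSON is a client error, not a server failure: answer 400
      // instead of letting the exception surface as a 500.
      let parsed: unknown;
      try {
        parsed = JSON.parse(event.body || "{}");
      } catch {
        return {
          statusCode: 400,
          headers,
          body: JSON.stringify({ error: "JSON inválido no corpo da requisição" }),
        };
      }

      // JSON such as `null` or `42` parses fine but has no fields to read.
      const payload: Record<string, unknown> =
        typeof parsed === "object" && parsed !== null
          ? (parsed as Record<string, unknown>)
          : {};

      if (!payload.user_id || !payload.role) {
        return {
          statusCode: 400,
          headers,
          body: JSON.stringify({ error: "user_id e role são obrigatórios" }),
        };
      }

      const response = await fetch(`${SUPABASE_URL}/rest/v1/user_roles`, {
        method: "POST",
        headers: {
          apikey: SUPABASE_ANON_KEY,
          Authorization: authHeader,
          "Content-Type": "application/json",
          Prefer: "return=representation",
        },
        // Only the two expected fields are forwarded; anything else in the
        // request body is dropped.
        body: JSON.stringify({
          user_id: payload.user_id,
          role: payload.role,
        }),
      });

      const data = await response.json();

      return {
        statusCode: response.status,
        headers: jsonHeaders,
        body: JSON.stringify(data),
      };
    }

    if (event.httpMethod === "DELETE") {
      // Remove a role from a user.
      const params = event.queryStringParameters;

      if (!params?.user_id || !params?.role) {
        return {
          statusCode: 400,
          headers,
          body: JSON.stringify({ error: "user_id e role são obrigatórios" }),
        };
      }

      // Percent-encode both values: an unencoded `&` or `#` inside one of them
      // would otherwise add or cut off filters and change which rows the
      // upstream DELETE matches.
      const userFilter = `user_id=eq.${encodeURIComponent(params.user_id)}`;
      const roleFilter = `role=eq.${encodeURIComponent(params.role)}`;
      const url = `${SUPABASE_URL}/rest/v1/user_roles?${userFilter}&${roleFilter}`;

      const response = await fetch(url, {
        method: "DELETE",
        headers: {
          apikey: SUPABASE_ANON_KEY,
          Authorization: authHeader,
        },
      });

      return {
        statusCode: response.status,
        headers: jsonHeaders,
        // Report the real outcome; a rejected delete must not claim success.
        body: JSON.stringify({ success: response.ok }),
      };
    }

    return {
      statusCode: 405,
      headers,
      body: JSON.stringify({ error: "Method Not Allowed" }),
    };
  } catch (error) {
    console.error("Erro na API de user roles:", error);
    // NOTE(review): `message` echoes the internal exception text to the client;
    // consider keeping the detail in the log only.
    return {
      statusCode: 500,
      headers,
      body: JSON.stringify({
        error: "Erro interno no servidor",
        message: error instanceof Error ? error.message : "Erro desconhecido",
      }),
    };
  }
};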