import { NextRequest, NextResponse } from 'next/server'
import { db } from '@/lib/db'
import { requireAuth } from '@/lib/api-auth'
import { hashPassword } from '@/lib/auth'
import { sendUserCreatedEmail } from '@/lib/email'

/**
 * Lists every user whose role is SUPERVISOR, ordered by name ascending.
 *
 * The request is first passed through `requireAuth` with the roles MANAGER
 * and ADMIN; when that result carries an `error` it is returned unchanged.
 * The query uses an explicit `select`, so only the listed columns (plus the
 * two relation counts) are serialized into the response.
 *
 * @param request Incoming Next.js request, forwarded to the auth guard.
 * @returns `{ supervisors }` on success, or a generic 500 JSON error when
 * anything inside the handler throws.
 */
export async function GET(request: NextRequest) {
  try {
    const guard = requireAuth(['MANAGER', 'ADMIN'])
    const session = await guard(request)
    if ('error' in session) {
      return session.error
    }

    const supervisors = await db.user.findMany({
      where: { role: 'SUPERVISOR' },
      // Allow-list of returned columns: anything not named here stays out
      // of the JSON response.
      select: {
        id: true,
        email: true,
        name: true,
        phone: true,
        isActive: true,
        createdAt: true,
        _count: {
          select: { assignedReviews: true, supervisorResponses: true },
        },
      },
      orderBy: { name: 'asc' },
    })

    return NextResponse.json({ supervisors })
  } catch (failure) {
    // Details go to the server log only; the client gets a generic message.
    console.error('Error al listar supervisores:', failure)
    const genericBody = { error: 'Error interno del servidor' }
    return NextResponse.json(genericBody, { status: 500 })
  }
}

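/**
 * Creates a user with role SUPERVISOR from a JSON body containing `email`,
 * `name`, `password` and an optional `phone`.
 *
 * The request is first passed through `requireAuth` with the roles MANAGER
 * and ADMIN; when that result carries an `error` it is returned unchanged.
 * Every body field is type-checked before any string method is called on it,
 * so a malformed body produces a 400 instead of an exception that surfaces
 * as a 500.
 *
 * @param request Incoming Next.js request, forwarded to the auth guard.
 * @returns 201 with `{ supervisor }` on success; 400 for an invalid body,
 * 409 when the email is already registered, 500 on unexpected failure.
 */
export async function POST(request: NextRequest) {
  try {
    const authResult = await requireAuth(['MANAGER', 'ADMIN'])(request)
    if ('error' in authResult) return authResult.error

    // The body is caller-controlled: treat it as unknown until validated.
    let body: unknown
    try {
      body = await request.json()
    } catch {
      return NextResponse.json(
        { error: 'El cuerpo de la solicitud debe ser JSON válido' },
        { status: 400 }
      )
    }
    if (typeof body !== 'object' || body === null) {
      return NextResponse.json(
        { error: 'El cuerpo de la solicitud debe ser JSON válido' },
        { status: 400 }
      )
    }

    const { email, name, phone, password } = body as Record<string, unknown>

    // Normalize before the emptiness check so whitespace-only values are
    // rejected rather than stored as empty strings.
    const normalizedEmail =
      typeof email === 'string' ? email.toLowerCase().trim() : ''
    const trimmedName = typeof name === 'string' ? name.trim() : ''

    if (
      !normalizedEmail ||
      !trimmedName ||
      typeof password !== 'string' ||
      !password
    ) {
      return NextResponse.json(
        { error: 'Email, nombre y contraseña son requeridos' },
        { status: 400 }
      )
    }

    if (phone != null && typeof phone !== 'string') {
      return NextResponse.json(
        { error: 'El teléfono debe ser una cadena de texto' },
        { status: 400 }
      )
    }
    const normalizedPhone = typeof phone === 'string' ? phone.trim() || null : null

    // NOTE(review): a 6-character minimum is weak for an account with a
    // staff role; raising it would also require changing the message below
    // and any client-side validation, so it is left as-is here.
    if (password.length < 6) {
      return NextResponse.json(
        { error: 'La contraseña debe tener al menos 6 caracteres' },
        { status: 400 }
      )
    }

    const existingUser = await db.user.findUnique({
      where: { email: normalizedEmail },
    })

    if (existingUser) {
      return NextResponse.json(
        { error: 'Ya existe una cuenta con este email' },
        { status: 409 }
      )
    }

    const passwordHash = await hashPassword(password)

    // NOTE(review): the lookup above and this create are not atomic. If
    // `email` carries a unique constraint (presumably — confirm in the
    // schema), a concurrent duplicate request ends in the catch below as a
    // 500 rather than a 409.
    const supervisor = await db.user.create({
      data: {
        email: normalizedEmail,
        name: trimmedName,
        phone: normalizedPhone,
        passwordHash,
        role: 'SUPERVISOR',
      },
      // Explicit allow-list: passwordHash is written but never returned.
      select: {
        id: true,
        email: true,
        name: true,
        phone: true,
        isActive: true,
        createdAt: true,
      },
    })

    // Send welcome email (non-blocking, don't fail if email fails).
    // NOTE(review): the plaintext password is handed to the mailer, so the
    // credential may end up at rest in the recipient's mailbox and in any
    // mail-provider logs. Prefer a one-time set-password link, or force a
    // password change on first login.
    sendUserCreatedEmail({
      to: supervisor.email,
      name: supervisor.name,
      password,
      role: 'SUPERVISOR',
    }).catch((err) => {
      console.error('Failed to send welcome email:', err)
    })

    return NextResponse.json({ supervisor }, { status: 201 })
  } catch (error) {
    // Details go to the server log only; the client gets a generic message.
    console.error('Error al crear supervisor:', error)
    return NextResponse.json(
      { error: 'Error interno del servidor' },
      { status: 500 }
    )
  }
}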
