import { NextRequest, NextResponse } from 'next/server';
import { ZarinPal } from 'zarinpal-node-sdk';
import { getDatabase } from '@/lib/db';

const zarinpal = new ZarinPal({
  merchantId: process.env.ZARINPAL_MERCHANT_ID || 'test-merchant-id',
  sandbox: process.env.NODE_ENV !== 'production',
});

export async function POST(request: NextRequest) {
  try {
    const body = await request.json();
    const { authority } = body;

    if (!authority) {
      return NextResponse.json(
        { error: 'Authority code is required' },
        { status: 400 }
      );
    }

    const db = getDatabase();

    // Get payment details from database
    const paymentRecord = db.prepare(`
      SELECT * FROM payment_authorities WHERE authority = ?
    `).get(authority) as any;

    if (!paymentRecord) {
      return NextResponse.json(
        { error: 'No matching transaction found for this authority code' },
        { status: 404 }
      );
    }

    // Check if already verified
    if (paymentRecord.status === 'verified') {
      return NextResponse.json({
        success: true,
        refId: paymentRecord.refId,
        message: 'Payment already verified',
      });
    }

    // Verify payment with ZarinPal
    const response = await zarinpal.verifications.verify({
      amount: paymentRecord.amount,
      authority: authority,
    });

    if (response.data.code === 100 || response.data.code === 101) {
      const refId = response.data.ref_id;
      const cardPan = response.data.card_pan;
      const fee = response.data.fee;

      // Update payment authority status
      db.prepare(`
        UPDATE payment_authorities
        SET status = 'verified', refId = ?, cardPan = ?, fee = ?, verifiedAt = ?
        WHERE authority = ?
      `).run(refId, cardPan, fee, Date.now(), authority);

      // Create purchase record (auto-approved for IPG payments)
      db.prepare(`
        INSERT INTO purchases (albumId, transactionId, customerName, email, phoneNumber, txReceipt, purchaseDate, approvalStatus, paymentMethod)
        VALUES (?, ?, ?, ?, ?, ?, ?, 'approved', 'ipg')
      `).run(
        paymentRecord.albumId,
        refId.toString(),
        paymentRecord.customerName,
        paymentRecord.email,
        paymentRecord.phoneNumber,
        `ZarinPal-${refId}`,
        Date.now()
      );

      return NextResponse.json({
        success: true,
        refId: refId,
        cardPan: cardPan,
        fee: fee,
        message: response.data.code === 101 ? 'Payment already verified' : 'Payment verified successfully',
      });
    } else {
      // Update payment authority status to failed
      db.prepare(`
        UPDATE payment_authorities
        SET status = 'failed'
        WHERE authority = ?
      `).run(authority);

      return NextResponse.json(
        { error: `Transaction failed with code: ${response.data.code}` },
        { status: 400 }
      );
    }
  } catch (error: any) {
    console.error('Payment verification error:', error);
    return NextResponse.json(
      { error: error.message || 'Failed to verify payment' },
      { status: 500 }
    );
  }
}