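import { cookies } from 'next/headers';
import { NextResponse } from 'next/server';

import { getAuthService } from '../../../../lib/auth';

const SESSION_COOKIE = 'gp_demo_session';
const STATE_COOKIE = 'gp_demo_auth_state';

/** Where the browser is sent when the callback cannot be completed. */
const LOGIN_PATH = '/auth/iracing';
/** Post-login landing page used when no acceptable `returnTo` was supplied. */
const DEFAULT_REDIRECT = '/dashboard';

/**
 * Turns the caller-supplied `returnTo` into an absolute URL on this origin.
 *
 * `returnTo` arrives in the query string, so it is attacker-controllable.
 * `new URL(value, base)` ignores `base` whenever `value` is itself absolute
 * (`https://other.example/`) or scheme-relative (`//other.example/`), which
 * would turn this endpoint into an open redirect. The value is therefore
 * resolved first and accepted only if the result still has our origin;
 * non-hierarchical schemes (`javascript:`, `data:`) resolve to origin "null"
 * and are rejected by the same comparison.
 *
 * @param returnTo - Raw `returnTo` query parameter, if any.
 * @param origin - Origin of the current request (scheme + host + port).
 * @returns An absolute same-origin URL; the dashboard URL when `returnTo` is
 *   missing, empty, unparsable or points at another origin.
 */
function resolveSafeRedirect(returnTo: string | undefined, origin: string): string {
  const fallback = new URL(DEFAULT_REDIRECT, origin).toString();
  if (!returnTo) {
    return fallback;
  }

  try {
    const candidate = new URL(returnTo, origin);
    return candidate.origin === origin ? candidate.toString() : fallback;
  } catch {
    return fallback;
  }
}

/**
 * OAuth callback for the iRacing login flow.
 *
 * Checks the `state` query parameter against the value stored in the state
 * cookie, exchanges the authorization `code` for a session through the auth
 * service, stores that session in a cookie and redirects the browser to a
 * same-origin target.
 *
 * @param request - Incoming callback request carrying `code`, `state` and an
 *   optional `returnTo` in its query string.
 * @returns A redirect to the login page when `code`/`state` are missing or the
 *   state does not match, otherwise a redirect to the validated `returnTo` or
 *   the dashboard.
 */
export async function GET(request: Request) {
  const url = new URL(request.url);
  const code = url.searchParams.get('code') ?? undefined;
  const state = url.searchParams.get('state') ?? undefined;
  const returnTo = url.searchParams.get('returnTo') ?? undefined;

  // NextResponse.redirect expects an absolute URL, so the login path is
  // resolved against the request origin instead of being passed as-is.
  const loginUrl = new URL(LOGIN_PATH, url.origin).toString();

  if (!code || !state) {
    return NextResponse.redirect(loginUrl);
  }

  // The state cookie binds this callback to the browser that started the
  // flow; a missing or different value means the request is not ours to finish.
  const cookieStore = await cookies();
  const storedState = cookieStore.get(STATE_COOKIE)?.value;
  if (!storedState || storedState !== state) {
    return NextResponse.redirect(loginUrl);
  }

  const authService = getAuthService();
  // NOTE(review): `returnTo` is forwarded to the auth service unvalidated;
  // confirm the service does not redirect to it or persist it as trusted.
  const session = await authService.loginWithIracingCallback({ code, state, returnTo });

  // NOTE(review): the session object is written to the cookie as plain JSON.
  // httpOnly keeps it away from page scripts, but nothing here signs or
  // encrypts it — confirm the code that reads this cookie verifies it
  // server-side instead of trusting its contents. No maxAge/expires is set,
  // so its lifetime is left to the browser session.
  cookieStore.set(SESSION_COOKIE, JSON.stringify(session), {
    httpOnly: true,
    sameSite: 'lax',
    path: '/',
    secure: process.env.NODE_ENV === 'production',
  });

  // The state value is single-use: drop it once the exchange has succeeded.
  cookieStore.delete(STATE_COOKIE);

  return NextResponse.redirect(resolveSafeRedirect(returnTo, url.origin));
}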