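import { NextRequest, NextResponse } from 'next/server';
import { envSchema, getRawEnv } from '@/lib/env';

/**
 * Reports whether a Host header value names a loopback development host.
 *
 * The hostname is compared exactly (after dropping an optional port) instead
 * of by substring, so a value such as `localhost.example.com` is not treated
 * as local. `klz.localhost` is covered by the `.localhost` suffix rule.
 *
 * @param hostHeader Raw value of the request's Host header ('' when absent).
 * @returns true for `localhost`, `127.0.0.1`, or any `*.localhost` name.
 */
function isLoopbackHost(hostHeader: string): boolean {
  const hostname = hostHeader.toLowerCase().replace(/:\d+$/, '');
  return (
    hostname === 'localhost' ||
    hostname === '127.0.0.1' ||
    hostname.endsWith('.localhost')
  );
}

/**
 * Identity endpoint: returns the caller's identity as seen by gatekeeper.
 *
 * Outside of bypass mode the request's cookie header is forwarded to
 * `${GATEKEEPER_URL}/api/whoami` and the JSON answer is relayed unchanged.
 * Any non-OK answer or transport error is reported as an unauthenticated
 * guest, so a gatekeeper failure never yields an authenticated response.
 *
 * Bypass mode answers with a fixed "Dev-Admin" identity. It is granted only by
 * server-side configuration:
 *   - `GATEKEEPER_BYPASS_ENABLED` set in the environment, or
 *   - `NODE_ENV === 'development'` together with a loopback Host header.
 *
 * The `gatekeeper_bypass=true` query parameter is deliberately NOT honored.
 * It is chosen by the caller, so accepting it would let any client obtain the
 * "Dev-Admin" identity in every environment. On a local development host the
 * bypass already applies without it.
 *
 * @param req Incoming request; its `host` and `cookie` headers and URL are read.
 * @returns A JSON response describing the caller's identity.
 */
export async function GET(req: NextRequest) {
  // NOTE(review): presumably throws when the environment is invalid; that
  // happens outside the try block below — confirm this is the intended failure mode.
  const env = envSchema.parse(getRawEnv());
  const gatekeeperUrl = env.GATEKEEPER_URL;

  // The Host header is request-supplied, so it only counts in combination with
  // NODE_ENV === 'development' and is never a sufficient condition on its own.
  const host = req.headers.get('host') ?? '';
  const isLocal = isLoopbackHost(host);

  // NOTE(review): GATEKEEPER_BYPASS_ENABLED disables authentication for every
  // caller; make sure it cannot be set in production deployments.
  const isBypassEnabled =
    Boolean(env.GATEKEEPER_BYPASS_ENABLED) ||
    (env.NODE_ENV === 'development' && isLocal);

  // If bypass is enabled or we are in local development, use "Dev-Admin" identity.
  if (isBypassEnabled) {
    return NextResponse.json({
      authenticated: true,
      identity: 'Dev-Admin',
      isDevFallback: true,
    });
  }

  // Leave a trace when a caller tries the parameter that is no longer honored.
  // No request data is echoed into the log line.
  const { searchParams } = new URL(req.url);
  if (searchParams.get('gatekeeper_bypass') === 'true') {
    console.warn('Ignored gatekeeper_bypass query parameter on whoami request');
  }

  try {
    // We forward the cookie header to gatekeeper so it can identify the session
    const response = await fetch(`${gatekeeperUrl}/api/whoami`, {
      headers: {
        cookie: req.headers.get('cookie') ?? '',
      },
      cache: 'no-store',
    });

    if (!response.ok) {
      return NextResponse.json({ authenticated: false, identity: 'Guest' });
    }

    // The body is relayed as-is; its shape is whatever gatekeeper returned.
    const data: unknown = await response.json();
    return NextResponse.json(data);
  } catch (error: unknown) {
    // Fail closed: network and JSON parsing errors both end up here.
    console.error('Error proxying to gatekeeper:', error);
    return NextResponse.json({ authenticated: false, identity: 'Guest (Auth Error)' });
  }
}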