import { NextResponse } from 'next/server';
import { findUser, verifyPassword, createSession } from '@/lib/auth';
import { generateOTP } from '@/lib/otp';
import TelegramBot from 'node-telegram-bot-api';

const BOT_TOKEN = process.env.TELEGRAM_BOT_TOKEN;

async function sendTelegramOTP(chatId: string, otp: string) {
  if (!BOT_TOKEN) return false;
  try {
    const bot = new TelegramBot(BOT_TOKEN, { polling: false });
    await bot.sendMessage(chatId, `🔐 *Código de Acceso Finanzas*\n\nTu código es: \`${otp}\`\n\nSi no intentaste ingresar, ignora este mensaje.`, { parse_mode: 'Markdown' });
    return true;
  } catch (e) {
    console.error('Telegram send error:', e);
    return false;
  }
}

export async function POST(req: Request) {
  try {
    const { username, password } = await req.json();
    const ip = req.headers.get('x-forwarded-for')?.split(',')[0].trim() || 'unknown';

    const user = findUser(username);

    if (!user || !(await verifyPassword(password, user.passwordHash))) {
      return NextResponse.json({ error: 'Credenciales inválidas' }, { status: 401 });
    }

    // Check IP
    const isKnownIp = user.knownIps.includes(ip);

    if (isKnownIp) {
      // Login success directly
      await createSession(user);
      return NextResponse.json({ success: true, requireOtp: false });
    } else {
      // Require OTP
      const otp = generateOTP(user.username);
      
      const sent = await sendTelegramOTP(user.chatId, otp);
      
      if (!sent) {
        return NextResponse.json({ error: 'No se pudo enviar el código OTP a Telegram' }, { status: 500 });
      }

      return NextResponse.json({ success: true, requireOtp: true });
    }
  } catch (error) {
    console.error('Login error:', error);
    return NextResponse.json({ error: 'Error interno' }, { status: 500 });
  }
}