/**
 * Admin-only endpoint to test an AI provider configuration without saving.
 *
 * POST /api/admin/ai/test
 *   body: { provider: "openai" | "anthropic", apiKey?, model?, baseURL? }
 *
 * If apiKey is omitted (or === "••••keep"), uses the currently saved key
 * from settings — useful for "test what's configured right now" without
 * re-typing the key. Otherwise tests the supplied values.
 *
 * Returns { ok, sample, provider, model } on success or { error } on failure.
 * Audits both success and failure so admins can review who hit external APIs.
 */
import { NextRequest } from "next/server";
import { requireAdmin, audit } from "@/lib/admin-guard";
import { headers } from "next/headers";
import { testProvider } from "@/lib/ai/provider";
import { getSetting } from "@/lib/settings";

export const runtime = "nodejs";

type Body = {
  provider?: "openai" | "anthropic";
  apiKey?: string;
  model?: string;
  baseURL?: string;
};

const KEEP_SENTINEL = "••••";

export async function POST(req: NextRequest) {
  const admin = await requireAdmin();
  const ip = (await headers()).get("x-forwarded-for")?.split(",")[0]?.trim() ?? null;

  let body: Body;
  try {
    body = (await req.json()) as Body;
  } catch {
    return Response.json({ error: "Invalid JSON body" }, { status: 400 });
  }

  const provider = body.provider;
  if (provider !== "openai" && provider !== "anthropic") {
    return Response.json({ error: "provider phải là 'openai' hoặc 'anthropic'" }, { status: 400 });
  }

  // Resolve config: client may pass new values OR ask us to test the saved
  // config (sentinel "••••" means "keep saved key").
  const useSaved = !body.apiKey || body.apiKey.startsWith(KEEP_SENTINEL);
  const apiKey = useSaved
    ? await getSetting(provider === "openai" ? "ai.openai_api_key" : "ai.anthropic_api_key")
    : body.apiKey!;
  const model =
    body.model ||
    (await getSetting(provider === "openai" ? "ai.openai_model" : "ai.anthropic_model")) ||
    (provider === "openai" ? "gpt-4o-mini" : "claude-3-5-sonnet-latest");
  const baseURL =
    provider === "openai"
      ? body.baseURL || (await getSetting("ai.openai_base_url")) || "https://api.openai.com/v1"
      : undefined;

  if (!apiKey) {
    return Response.json(
      { error: "Chưa có API key — nhập key trong form hoặc lưu trước rồi test." },
      { status: 400 }
    );
  }

  try {
    const result = await testProvider(provider, { apiKey, model, baseURL });
    await audit({
      actorId: admin.userId,
      actorName: admin.name,
      action: "ai.test_connection",
      target: provider,
      metadata: { model, baseURL: baseURL ?? null, useSaved, ok: true },
      ipAddress: ip ?? undefined,
    });
    return Response.json(result);
  } catch (err) {
    const msg = err instanceof Error ? err.message : "Unknown error";
    await audit({
      actorId: admin.userId,
      actorName: admin.name,
      action: "ai.test_connection",
      target: provider,
      metadata: { model, baseURL: baseURL ?? null, useSaved, ok: false, error: msg.slice(0, 300) },
      ipAddress: ip ?? undefined,
    });
    return Response.json({ error: msg }, { status: 502 });
  }
}
