import { NextRequest, NextResponse } from "next/server";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import {
  ALLOWED_KYC_MIME,
  MAX_KYC_FILE_BYTES,
  isKycKind,
  saveEncrypted,
} from "@/lib/secure-storage";

export const runtime = "nodejs";
export const dynamic = "force-dynamic";

export async function POST(req: NextRequest) {
  const session = await getServerSession(authOptions);
  if (!session?.user) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  let form: FormData;
  try {
    form = await req.formData();
  } catch {
    return NextResponse.json({ error: "Body bukan multipart/form-data" }, { status: 400 });
  }

  const kind = String(form.get("kind") ?? "");
  const file = form.get("file");

  if (!isKycKind(kind)) {
    return NextResponse.json({ error: "kind harus 'ktp' atau 'selfie'" }, { status: 400 });
  }
  if (!(file instanceof File)) {
    return NextResponse.json({ error: "File wajib diisi" }, { status: 400 });
  }
  if (!ALLOWED_KYC_MIME.has(file.type)) {
    return NextResponse.json(
      { error: "Hanya menerima JPG, PNG, atau WebP" },
      { status: 415 },
    );
  }
  if (file.size > MAX_KYC_FILE_BYTES) {
    return NextResponse.json({ error: "File maksimal 5MB" }, { status: 413 });
  }

  const buf = Buffer.from(await file.arrayBuffer());
  const meta = await saveEncrypted(kind, buf, file.type);

  return NextResponse.json({
    key: meta.key,
    mime: meta.mime,
    size: meta.size,
  });
}