/**
 * IACE (Industrial AI Compliance Engine) API Proxy - Catch-all route
 * Proxies all /api/sdk/v1/iace/* requests to ai-compliance-sdk backend
 * Supports PDF/ZIP export for CE Technical File
 */

import { NextRequest, NextResponse } from 'next/server'

const SDK_BACKEND_URL = process.env.SDK_API_URL || 'http://ai-compliance-sdk:8090'

async function proxyRequest(
  request: NextRequest,
  pathSegments: string[] | undefined,
  method: string
) {
  const pathStr = pathSegments?.join('/') || ''
  const searchParams = request.nextUrl.searchParams.toString()
  const basePath = `${SDK_BACKEND_URL}/sdk/v1/iace`
  const url = pathStr
    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
    : `${basePath}${searchParams ? `?${searchParams}` : ''}`

  try {
    const headers: HeadersInit = {
      'Content-Type': 'application/json',
    }

    const authHeader = request.headers.get('authorization')
    if (authHeader) {
      headers['Authorization'] = authHeader
    }

    // Default tenant/user for IACE (same pattern as training proxy)
    const DEFAULT_TENANT = process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
    const DEFAULT_USER = '00000000-0000-0000-0000-000000000001'

    const tenantHeader = request.headers.get('x-tenant-id')
    headers['X-Tenant-Id'] = tenantHeader || DEFAULT_TENANT

    const userHeader = request.headers.get('x-user-id')
    headers['X-User-Id'] = userHeader || DEFAULT_USER

    const fetchOptions: RequestInit = {
      method,
      headers,
      signal: AbortSignal.timeout(60000), // 60s for LLM-based generation
    }

    if (['POST', 'PUT', 'PATCH'].includes(method)) {
      const contentType = request.headers.get('content-type')
      if (contentType?.includes('application/json')) {
        try {
          const text = await request.text()
          if (text && text.trim()) {
            fetchOptions.body = text
          }
        } catch {
          // Empty or invalid body
        }
      } else if (contentType?.includes('multipart/form-data')) {
        // Evidence upload: forward as-is
        delete (headers as Record<string, string>)['Content-Type']
        fetchOptions.body = await request.arrayBuffer()
      }
    }

    const response = await fetch(url, fetchOptions)

    // Handle non-JSON responses (PDF/ZIP CE technical file, XLSX/DOCX/MD exports).
    const responseContentType = response.headers.get('content-type') || ''
    const isBinary =
      responseContentType.includes('application/pdf') ||
      responseContentType.includes('application/zip') ||
      responseContentType.includes('application/octet-stream') ||
      responseContentType.includes('application/vnd.openxmlformats-officedocument') ||
      responseContentType.includes('application/vnd.ms-excel') ||
      responseContentType.includes('application/msword') ||
      responseContentType.includes('text/markdown')
    if (isBinary) {
      const blob = await response.blob()
      const forwardedHeaders: Record<string, string> = {
        'Content-Type': responseContentType,
        'Content-Disposition': response.headers.get('content-disposition') || '',
      }
      // Forward DSMS archive metadata so the frontend can render the CID badge
      // (set by archiveTechFile when the backend persisted the export to DSMS).
      for (const h of ['x-dsms-cid', 'x-dsms-filename', 'x-dsms-size']) {
        const v = response.headers.get(h)
        if (v) forwardedHeaders[h] = v
      }
      return new NextResponse(blob, {
        status: response.status,
        headers: forwardedHeaders,
      })
    }

    if (!response.ok) {
      const errorText = await response.text()
      let errorJson
      try {
        errorJson = JSON.parse(errorText)
      } catch {
        errorJson = { error: errorText }
      }
      return NextResponse.json(
        { error: `Backend Error: ${response.status}`, ...errorJson },
        { status: response.status }
      )
    }

    const data = await response.json()
    return NextResponse.json(data)
  } catch (error) {
    console.error('IACE API proxy error:', error)
    return NextResponse.json(
      { error: 'Verbindung zum SDK Backend fehlgeschlagen' },
      { status: 503 }
    )
  }
}

export async function GET(
  request: NextRequest,
  { params }: { params: Promise<{ path?: string[] }> }
) {
  const { path } = await params
  return proxyRequest(request, path, 'GET')
}

export async function POST(
  request: NextRequest,
  { params }: { params: Promise<{ path?: string[] }> }
) {
  const { path } = await params
  return proxyRequest(request, path, 'POST')
}

export async function PUT(
  request: NextRequest,
  { params }: { params: Promise<{ path?: string[] }> }
) {
  const { path } = await params
  return proxyRequest(request, path, 'PUT')
}

export async function PATCH(
  request: NextRequest,
  { params }: { params: Promise<{ path?: string[] }> }
) {
  const { path } = await params
  return proxyRequest(request, path, 'PATCH')
}

export async function DELETE(
  request: NextRequest,
  { params }: { params: Promise<{ path?: string[] }> }
) {
  const { path } = await params
  return proxyRequest(request, path, 'DELETE')
}