import { eq } from 'drizzle-orm';
import { headers } from 'next/headers';
import { NextResponse } from 'next/server';
import { db } from '@/db/drizzle';
import { user } from '@/db/schema';
import { auth } from '@/lib/auth';

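/**
 * Returns the profile of the user identified by the `id` route parameter.
 *
 * Authentication is required (401 otherwise), but authentication alone is not
 * authorization: previously any signed-in caller could read every other
 * user's email, date of birth, address, marital status, role and
 * verification timestamp just by supplying their id. The response is now
 * split in two:
 *
 * - the owner of the record (session user id equals the requested id) gets
 *   the same field set as before;
 * - every other signed-in caller gets a small allow-listed public profile.
 *
 * Password hashes and other columns not listed below are never returned.
 *
 * @param request - Incoming request (unused; the session is read from headers).
 * @param params - Route parameters; `id` is the user id to look up.
 * @returns 200 with the profile, 400 if the id is missing, 401 if there is no
 *   session, 404 if no such user exists, 500 on unexpected errors.
 */
export async function GET(
  request: Request,
  { params }: { params: { id: string } }
) {
  try {
    const session = await auth.api.getSession({
      headers: await headers(),
    });

    if (!session?.user) {
      return NextResponse.json({ message: 'Unauthorized' }, { status: 401 });
    }

    // NOTE(review): `headers()` is awaited above, which suggests a Next.js
    // version where `params` may also be a Promise — confirm and await it if so.
    const userId = params.id;

    if (!userId) {
      return NextResponse.json(
        { message: 'User ID is required' },
        { status: 400 }
      );
    }

    // The id is passed through drizzle's `eq`, so it is bound as a query
    // parameter rather than concatenated into SQL.
    const [record] = await db
      .select()
      .from(user)
      .where(eq(user.id, userId))
      .limit(1);

    if (!record) {
      return NextResponse.json({ message: 'User not found' }, { status: 404 });
    }

    const isOwner = session.user.id === record.id;

    if (!isOwner) {
      // Deny by default: only fields on this allow-list are visible to other
      // users. NOTE(review): `pageId` and `callerSquad` are withheld because
      // their sensitivity is not evident from this file — add them here once
      // confirmed public. If a privileged role (e.g. an admin view) needs the
      // full record, add an explicit role check rather than widening this list.
      return NextResponse.json(
        {
          id: record.id,
          name: record.name,
          image: record.image,
          aboutMe: record.aboutMe,
          userTitle: record.userTitle,
        },
        { status: 200 }
      );
    }

    // Owner view: explicit field list (never spread the row) so new columns
    // such as credentials are not exposed by accident.
    return NextResponse.json(
      {
        id: record.id,
        name: record.name,
        email: record.email,
        image: record.image,
        aboutMe: record.aboutMe,
        userTitle: record.userTitle,
        gender: record.gender,
        marital: record.marital,
        pageId: record.pageId,
        dob: record.dob,
        address: record.address,
        weddingAnniversary: record.weddingAnniversary,
        callerSquad: record.callerSquad,
        role: record.role,
        emailVerifiedAt: record.emailVerifiedAt,
      },
      { status: 200 }
    );
  } catch (error) {
    // Log details server-side only; the client gets a generic message so
    // query or stack information is not leaked in the response.
    console.error(error);
    return NextResponse.json(
      { message: 'Internal Server Error' },
      { status: 500 }
    );
  }
}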
