// server/api/permission.get.ts
// Proxy endpoint to fetch permissions from backend API

export default defineEventHandler(async (event) => {
  console.log("🔐 Permission endpoint called");

  const query = getQuery(event);
  const roles = query.roles as string | string[];
  const groups = query.groups as string | string[];

  if (!roles && !groups) {
    throw createError({
      statusCode: 400,
      statusMessage: "roles or groups parameter is required",
    });
  }

  // Convert to arrays and handle single values
  const rolesArray = Array.isArray(roles) ? roles : roles ? [roles] : [];
  const groupsArray = Array.isArray(groups) ? groups : groups ? [groups] : [];

  // Extract primary role and group (use first one or combine)
  const primaryRole = rolesArray[0] || '';
  const primaryGroup = groupsArray[0] || '';

  // Build query parameters
  const params = new URLSearchParams();
  if (primaryRole) params.append('roles', primaryRole);
  if (primaryGroup) params.append('groups', primaryGroup);

  // Backend API URL - adjust this to match your backend
  const backendUrl = `http://10.10.150.131:8080/api/v1/permission?${params.toString()}`;

  try {
    console.log(`📡 Fetching permissions from: ${backendUrl}`);
    console.log(`📋 Query params - roles: ${primaryRole}, groups: ${primaryGroup}`);
    
    const response = await $fetch(backendUrl, {
      method: 'GET',
      headers: {
        'Content-Type': 'application/json',
        'Accept': 'application/json',
      },
    });

    console.log("✅ Permission data fetched successfully");
    console.log("📦 Response structure:", {
      hasMessage: !!(response as any).message,
      hasData: !!(response as any).data,
      dataLength: Array.isArray((response as any).data) ? (response as any).data.length : 0,
      hasMeta: !!(response as any).meta,
    });
    
    // Log first permission item for debugging
    if ((response as any).data && Array.isArray((response as any).data) && (response as any).data.length > 0) {
      console.log("📄 Sample permission item:", (response as any).data[0]);
    }
    
    // Return the response as-is (it should have { message, data, meta } structure)
    return response;
  } catch (error: any) {
    console.error("❌ Error fetching permissions:", error);
    console.error("❌ Error details:", {
      message: error.message,
      status: error.status || error.statusCode,
      statusText: error.statusText || error.statusMessage,
      data: error.data,
    });
    
    // Return empty permissions structure if API fails
    return {
      message: error.message || "Failed to fetch permissions",
      data: [],
      meta: {
        count: 0,
        total: 0
      }
    };
  }
});