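import { NextResponse } from "next/server";
import { completeCart } from "@/lib/medusa";
import { getAuthToken } from "@/lib/auth";
import {
  parseBody,
  isNonEmptyString,
  isValidMedusaId,
  badRequest,
  checkCsrf,
} from "@/lib/apiUtils";

/**
 * POST /api/checkout/complete — finalize a cart into an order.
 *
 * Checks run in this order, and the first failure ends the request:
 * CSRF check, body parsing, `cartId` presence, `cartId` format.
 * Only then is the cart handed to `completeCart`.
 *
 * @param request - Incoming request; its body is expected to carry `cartId`.
 * @returns The `completeCart` result as JSON on success, the value produced by
 *   `checkCsrf`/`badRequest` on a rejected request, or a generic 500 JSON
 *   error when `completeCart` throws.
 */
export async function POST(request: Request) {
  // State-changing endpoint: reject before reading the body if the CSRF check fails.
  const csrfError = await checkCsrf();
  if (csrfError) return csrfError;

  // cartId is typed `unknown` on purpose so it must be validated before use.
  const body = await parseBody<{ cartId?: unknown }>(request);
  if (!body) return badRequest("Invalid request body");

  const { cartId } = body;
  if (!isNonEmptyString(cartId)) {
    return badRequest("Missing cartId");
  }
  // Format check keeps arbitrary caller-supplied strings out of the backend call.
  if (!isValidMedusaId(cartId)) {
    return badRequest("Invalid cart ID format");
  }

  // Pass auth token so the resulting order is linked to the customer.
  // The token is optional here, so a request without one still proceeds.
  // NOTE(review): this handler does not check that the cart belongs to the
  // caller — presumably completeCart / the backend enforces that; confirm.
  const authToken = (await getAuthToken()) ?? undefined;

  try {
    // NOTE(review): the result is returned to the client as-is; confirm it
    // holds no fields that should stay server-side.
    const result = await completeCart(cartId, authToken);
    return NextResponse.json(result);
  } catch (e: unknown) {
    // Narrow instead of asserting: a thrown null/undefined would make
    // `(e as Error).message` throw inside this handler and lose the JSON
    // error response; a thrown non-Error would log `undefined`.
    const detail = e instanceof Error ? e.message : String(e);
    // Upstream detail stays in the server log; the client gets a generic message.
    console.error("[checkout:complete]", detail);
    return NextResponse.json({ error: "Failed to complete order" }, { status: 500 });
  }
}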