import { NextResponse } from 'next/server';
import { prisma } from '../../../../lib/prisma';
import { randomToken, addHours } from '../../../../lib/tokens';
import { sendPasswordResetEmail } from '../../../../lib/mailer';

const APP_URL = process.env.APP_URL || 'http://localhost:3000';

export async function POST(req: Request) {
  try {
    const body = await req.json();
    const email = String(body.email ?? '').trim().toLowerCase();
    if (!email) {
      return NextResponse.json({ error: 'Email is required' }, { status: 400 });
    }

    const user = await prisma.user.findUnique({ where: { email }, select: { id: true, emailVerifiedAt: true } });
    if (user) {
      const token = randomToken();
      await prisma.verificationToken.create({
        data: {
          userId: user.id,
          token,
          type: 'password_reset',
          expiresAt: addHours(2),
        },
      });
      const resetUrl = `${APP_URL}/auth/reset?token=${token}`;
      await sendPasswordResetEmail(email, resetUrl);
    }

    return NextResponse.json({ ok: true });
  } catch (error) {
    console.error('Forgot password error', error);
    return NextResponse.json({ ok: true });
  }
}

export const dynamic = 'force-dynamic';