// netlify/functions/verify-sms.js
import fetch from 'node-fetch';

const VONAGE_API_KEY = 'd5ddc322';
const VONAGE_API_SECRET = 'rrPEP6MFDcCEwJoS';

export const handler = async (event, context) => {
  console.log('🔍 SMS verification function called');
  
  // Handle preflight requests FIRST
  if (event.httpMethod === 'OPTIONS') {
    return {
      statusCode: 200,
      headers: {
        'Access-Control-Allow-Origin': '*',
        'Access-Control-Allow-Headers': 'Content-Type',
        'Access-Control-Allow-Methods': 'POST, OPTIONS',
      },
      body: ''
    };
  }

  // Only handle POST requests
  if (event.httpMethod !== 'POST') {
    return {
      statusCode: 405,
      headers: {
        'Access-Control-Allow-Origin': '*',
        'Access-Control-Allow-Headers': 'Content-Type',
        'Access-Control-Allow-Methods': 'POST, OPTIONS',
      },
      body: JSON.stringify({ error: 'Method not allowed' })
    };
  }

  try {
    const { request_id, code } = JSON.parse(event.body);
    
    if (!request_id || !code) {
      return {
        statusCode: 400,
        headers: {
          'Access-Control-Allow-Origin': '*',
          'Access-Control-Allow-Headers': 'Content-Type',
        },
        body: JSON.stringify({ error: 'Request ID and code required' })
      };
    }

    console.log(`🔍 Verifying code: ${code} for request: ${request_id}`);

    // Call Vonage Verify Check API
    const response = await fetch('https://api.nexmo.com/verify/check/json', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      body: new URLSearchParams({
        api_key: VONAGE_API_KEY,
        api_secret: VONAGE_API_SECRET,
        request_id: request_id,
        code: code
      })
    });

    const data = await response.json();
    console.log('📡 Vonage verify response:', data);

    if (data.status === '0') {
      console.log('✅ SMS verification successful');
      return {
        statusCode: 200,
        headers: {
          'Access-Control-Allow-Origin': '*',
          'Access-Control-Allow-Headers': 'Content-Type',
        },
        body: JSON.stringify({
          success: true,
          message: 'Verification successful'
        })
      };
    } else {
      console.error('❌ SMS verification failed:', data);
      const errorMessage = getVonageErrorMessage(data.status);
      return {
        statusCode: 400,
        headers: {
          'Access-Control-Allow-Origin': '*',
          'Access-Control-Allow-Headers': 'Content-Type',
        },
        body: JSON.stringify({
          success: false,
          error: errorMessage
        })
      };
    }

  } catch (error) {
    console.error('❌ Error in verify-sms function:', error);
    return {
      statusCode: 500,
      headers: {
        'Access-Control-Allow-Origin': '*',
        'Access-Control-Allow-Headers': 'Content-Type',
      },
      body: JSON.stringify({
        success: false,
        error: 'Internal server error'
      })
    };
  }
};

// Get human-readable error message from Vonage status code
function getVonageErrorMessage(status) {
  const errors = {
    '1': 'Throttled - please wait before trying again',
    '2': 'Invalid credentials',
    '3': 'Invalid request ID',
    '4': 'Invalid request ID or code has expired',
    '5': 'Invalid request ID or code has expired',
    '6': 'The Verify ID does not exist or you used an invalid request ID',
    '7': 'The code does not match the expected value',
    '8': 'Too many wrong codes provided',
    '9': 'Throttled - you tried to verify too many codes',
    '10': 'Verification request has expired',
    '15': 'The destination number is not in a supported network',
    '16': 'The code inserted does not match the expected value',
    '17': 'Wrong code too many times'
  };
  return errors[status] || `Verification failed (Error ${status})`;
}