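import { NextResponse } from "next/server";
import { z } from "zod";

// Request body contract: a JSON object carrying a non-empty reset token.
const verifySchema = z.object({
  token: z.string().min(1, "Token is required"),
});

/**
 * Build the single client-facing rejection used for every unusable token.
 *
 * Malformed bodies, missing tokens, unknown tokens, used tokens and expired
 * tokens all get the same 400 so the response does not reveal which check
 * failed.
 *
 * @returns {NextResponse} 400 response with a generic error message.
 */
function invalidTokenResponse() {
  return NextResponse.json(
    { error: "Invalid or expired token" },
    { status: 400 }
  );
}

/**
 * POST handler: report whether a password-reset token is still usable.
 *
 * Expects a JSON body of the form `{ "token": "<string>" }`. A token is
 * accepted only if a row in `password_reset_tokens` matches it, is not marked
 * used, and has an `expires_at` later than the database's current time.
 *
 * Responses:
 *  - 200 `{ valid: true, username, name }` for a usable token.
 *  - 400 `{ error: "Invalid or expired token" }` for a malformed body, a
 *    missing/empty token, or a token that is unknown, used or expired.
 *  - 500 `{ error: "Internal server error" }` for unexpected failures
 *    (e.g. the database module failing to load or the query throwing).
 *
 * NOTE(review): nothing in this handler throttles repeated attempts, and a
 * successful call returns the account's username and name to whoever holds
 * the token. Confirm that rate limiting is applied upstream.
 *
 * @param {Request} request - Incoming request with a JSON body.
 * @returns {Promise<NextResponse>} JSON response as described above.
 */
export async function POST(request) {
  try {
    // A body that is not valid JSON is a client error, not a server fault,
    // so it is answered with 400 instead of falling through to the 500 path.
    let body;
    try {
      body = await request.json();
    } catch {
      return invalidTokenResponse();
    }

    // safeParse keeps schema violations out of the catch-all below, which
    // would otherwise report them as 500 and log them as server errors.
    const parsed = verifySchema.safeParse(body);
    if (!parsed.success) {
      return invalidTokenResponse();
    }
    const { token } = parsed.data;

    // Import database here to avoid edge runtime issues
    const { default: db } = await import("@/lib/db.js");

    // Check if token exists and is valid. The token is passed as a bound
    // parameter, never interpolated into the SQL text. Only the two columns
    // the response needs are selected, so the stored token value and other
    // token-row fields are not loaded into the handler.
    // NOTE(review): the lookup compares the raw submitted token against the
    // stored column, which suggests tokens are stored unhashed. Consider
    // storing a hash and comparing hashes, so a database read does not
    // expose usable reset tokens.
    const resetToken = db
      .prepare(
        `
        SELECT u.username, u.name
        FROM password_reset_tokens prt
        JOIN users u ON prt.user_id = u.id
        WHERE prt.token = ?
          AND prt.used = 0
          AND prt.expires_at > datetime('now')
        `
      )
      .get(token);

    if (!resetToken) {
      return invalidTokenResponse();
    }

    return NextResponse.json({
      valid: true,
      username: resetToken.username,
      name: resetToken.name,
    });
  } catch (error) {
    // Details stay in the server log; the client only sees a generic message.
    console.error("Token verification error:", error);
    return NextResponse.json(
      { error: "Internal server error" },
      { status: 500 }
    );
  }
}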