import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";

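/**
 * Decides whether the download proxy may fetch `urlString`.
 *
 * A URL is accepted only when it parses, uses HTTPS, carries no embedded
 * credentials or explicit port, and its hostname exactly matches an entry in
 * the allow-list below.
 *
 * @param urlString - Candidate URL, taken from the request's `url` parameter.
 * @returns `true` when the server may fetch the URL, `false` otherwise
 *   (including when the string is not a valid URL).
 */
function isAllowedUrl(urlString: string): boolean {
  // Exact hostnames only. r2.dev is a shared domain used for public bucket
  // URLs across accounts, so the previous `endsWith(".r2.dev")` check accepted
  // buckets this application does not own and let the proxy serve arbitrary
  // third-party content. Add further buckets here explicitly if needed.
  const allowedHosts = new Set([
    "pub-98c57a35f93247069901c0412c3b327f.r2.dev",
  ]);

  let url: URL;
  try {
    url = new URL(urlString);
  } catch {
    return false;
  }

  // Hostname checks alone would also admit http: (cleartext) and any other
  // scheme the URL parser accepts.
  if (url.protocol !== "https:") {
    return false;
  }

  // Nothing legitimate needs userinfo or a non-default port on this origin.
  if (url.username !== "" || url.password !== "" || url.port !== "") {
    return false;
  }

  return allowedHosts.has(url.hostname.toLowerCase());
}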

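/**
 * Download proxy: fetches the file named by the `url` query parameter and
 * returns it to the caller as an attachment called `quotation.pdf`.
 *
 * Responses:
 * - 400 when `url` is missing or is not valid percent-encoding
 * - 403 when `isAllowedUrl` rejects the target
 * - the upstream status when the upstream answers with a non-2xx code
 * - 502 when the upstream fetch throws (network failure or a redirect)
 *
 * NOTE(review): no authentication or authorization check is visible in this
 * handler; confirm access control is enforced elsewhere (e.g. middleware),
 * otherwise any caller can pull any object from an allowed host.
 *
 * @param req - Incoming request; only its query string is read.
 */
export async function GET(req: NextRequest) {
  const { searchParams } = new URL(req.url);
  const fileUrl = searchParams.get("url");

  // searchParams.get() returns string | null, so a falsy check is sufficient.
  if (!fileUrl) {
    return NextResponse.json({ message: "Missing url parameter" }, { status: 400 });
  }

  // searchParams.get() has already percent-decoded the value once. This second
  // pass is kept for callers that double-encode, but decodeURIComponent throws
  // URIError on a stray "%", which previously escaped as an unhandled error.
  let decodedUrl: string;
  try {
    decodedUrl = decodeURIComponent(fileUrl);
  } catch {
    return NextResponse.json({ message: "Invalid url parameter" }, { status: 400 });
  }

  // Validation runs on the exact string that is fetched below.
  if (!isAllowedUrl(decodedUrl)) {
    return NextResponse.json({ message: "URL not allowed" }, { status: 403 });
  }

  try {
    // The allow-list is checked only against the initial URL, so redirects are
    // refused rather than followed to a host that was never validated.
    const res = await fetch(decodedUrl, { method: "GET", redirect: "error" });
    if (!res.ok) {
      return NextResponse.json(
        { message: "Failed to fetch file" },
        { status: res.status }
      );
    }

    const contentType = res.headers.get("content-type") || "application/pdf";
    // NOTE(review): the whole body is buffered in memory with no size cap;
    // consider bounding it or streaming if large objects are possible.
    const blob = await res.arrayBuffer();

    return new NextResponse(blob, {
      status: 200,
      headers: {
        // The upstream content type is passed through as-is; the attachment
        // disposition and nosniff keep browsers from rendering or re-typing
        // the body on this origin.
        "Content-Type": contentType,
        "Content-Disposition": 'attachment; filename="quotation.pdf"',
        "Cache-Control": "private, no-cache",
        "X-Content-Type-Options": "nosniff",
      },
    });
  } catch (err) {
    console.error("[download-file] proxy error:", err);
    return NextResponse.json(
      { message: "Failed to proxy file" },
      { status: 502 }
    );
  }
}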
