import type { NextApiRequest, NextApiResponse } from 'next'
import { getPostPreview } from '@/lib/api/previews'
// import type { PreviewData } from '@/lib/types'

export default async function preview(req: NextApiRequest, res: NextApiResponse) {
  const { secret, id, slug } = req.query

  // Check the secret and next parameters
  // This secret should only be known by this API route
  if (!process.env.WORDPRESS_PREVIEW_SECRET || secret !== process.env.WORDPRESS_PREVIEW_SECRET || (!id && !slug)) {
    return res.status(401).json({ message: 'Invalid preview token' })
  }

  // Fetch WordPress to check if the provided `id` or `slug` exists
  const post = await getPostPreview(`${id || slug}`, id ? 'DATABASE_ID' : 'SLUG')

  // If the post doesn't exist prevent preview mode from being enabled
  if (!post) {
    return res.status(401).json({ message: 'Post not found' })
  }

  // Enable Preview Mode by setting the cookies
  const previewData = {
    post: {
      id: post.databaseId,
      slug: post.slug,
      status: post.status,
    },
  }
  res.setPreviewData(previewData)

  // Redirect to the path from the fetched post
  // We don't redirect to `req.query.slug` as that might lead to open redirect vulnerabilities
  res.writeHead(307, { Location: `/posts/${post.slug || post.databaseId}` })
  res.end()
}