desa-darmasaba/src/app/api/auth/register/route.ts
nico 781d125d4c feat(auth): migrate WhatsApp OTP to otp.wibudev.com with API Key authentication
- Create new wa-service.ts helper library
  - sendWhatsAppOtp(): Send OTP via otp.wibudev.com with Bearer token auth
  - sendWhatsAppOtpLegacy(): Deprecated legacy function for backward compat
  - Proper error handling and response validation

- Update all auth routes to use new WA service:
  - login/route.ts: Use sendWhatsAppOtp for login OTP
  - register/route.ts: Use sendWhatsAppOtp for registration OTP
  - resend/route.ts: Use sendWhatsAppOtp for resend OTP
  - send-otp-register/route.ts: Use sendWhatsAppOtp for registration

- Add environment variables to .env.local:
  - WIBU_WA_API_KEY: JWT token for authentication
  - WIBU_WA_API_URL: https://otp.wibudev.com

Benefits:
✓ Secure authentication with JWT API Key
✓ Centralized WA service for all OTP sending
✓ Better error handling and logging
✓ Consistent API response format
✓ Easy to maintain and extend

API Key Info:
- Name: website-desa-darmasaba
- Description: untuk website desa darmasaba
- Expiration: Feb 12, 2116
- Issued: Mar 05, 2026

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-05 12:07:58 +08:00


import { NextResponse } from 'next/server';
import { cookies } from 'next/headers';
import prisma from '@/lib/prisma';
import { randomOTP } from '../_lib/randomOTP';
import { sendWhatsAppOtp } from '@/lib/wa-service';
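/**
 * Registration step 1: validate the request, reject duplicates, send a
 * WhatsApp OTP, and persist it for later verification.
 *
 * Expects a JSON body with string fields `username` and `nomor`.
 *
 * Responses:
 * - 400 when a field is missing or not a string, or when the WhatsApp send fails
 * - 409 when the number or username already exists
 * - 200 with `kodeId` (id of the stored OTP row) on success
 * - 500 on any unexpected error (including an unparsable body)
 *
 * NOTE(review): this endpoint is unauthenticated and triggers an outbound
 * message to a caller-supplied number. No throttling is visible in this
 * handler; unless it is enforced in middleware or inside sendWhatsAppOtp,
 * add per-IP and per-number rate limits.
 */
export async function POST(req: Request) {
  try {
    const body: unknown = await req.json();
    const { username, nomor } = (body ?? {}) as { username?: unknown; nomor?: unknown };

    // Require plain, non-empty strings. Without the type check a JSON object
    // such as {"username": {"contains": "a"}} would be handed to Prisma as a
    // filter object instead of a literal value.
    if (typeof username !== 'string' || typeof nomor !== 'string' || !username || !nomor) {
      return NextResponse.json({ success: false, message: 'Data tidak lengkap' }, { status: 400 });
    }

    // Duplicate checks: number first, then username.
    if (await prisma.user.findUnique({ where: { nomor } })) {
      return NextResponse.json({ success: false, message: 'Nomor sudah terdaftar' }, { status: 409 });
    }

    if (await prisma.user.findFirst({ where: { username } })) {
      return NextResponse.json({ success: false, message: 'Username sudah digunakan' }, { status: 409 });
    }

    // Generate the OTP.
    // NOTE(review): randomOTP is defined elsewhere; confirm it draws from a
    // CSPRNG. If it can return a string with a leading zero, Number() drops
    // that digit and the stored value no longer matches what was sent.
    const codeOtp = randomOTP();
    const otpNumber = Number(codeOtp);
    const waMessage = `Website Desa Darmasaba - Kode verifikasi Anda: ${codeOtp}`;

    // Send the OTP through the authenticated WhatsApp service.
    const waResult = await sendWhatsAppOtp({
      nomor,
      message: waMessage,
    });

    if (!waResult.success) {
      // Keep the provider's raw response in the server log only; echoing it
      // to an unauthenticated client discloses upstream internals.
      console.error('Register OTP send failed:', waResult.data);
      return NextResponse.json(
        { success: false, message: waResult.message || 'Gagal mengirim OTP via WhatsApp' },
        { status: 400 }
      );
    }

    // Persist the OTP only after the message was accepted for delivery.
    const otpRecord = await prisma.kodeOtp.create({
      data: { nomor, otp: otpNumber, isActive: true }
    });

    // Mark the flow as "register" for the verification step (Next.js 15+ async cookies()).
    const cookieStore = await cookies();
    cookieStore.set('auth_flow', 'register', {
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production',
      sameSite: 'lax',
      maxAge: 60 * 5, // 5 minutes
      path: '/'
    });

    // Return the OTP record id so the client can reference it when verifying.
    return NextResponse.json({
      success: true,
      message: 'Kode verifikasi dikirim',
      kodeId: otpRecord.id,
    });
  } catch (error) {
    console.error('Register OTP Error:', error);
    return NextResponse.json({ success: false, message: 'Gagal mengirim OTP' }, { status: 500 });
  } finally {
    // NOTE(review): `prisma` is a module-level import; disconnecting it after
    // every request forces a reconnect on the next one. Confirm this is intended.
    await prisma.$disconnect();
  }
}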