hipmi/src/app/api/user-validate/route.ts

import { decrypt } from "@/app/(auth)/_lib/decrypt";
import { prisma } from "@/lib";
import { cookies } from "next/headers";
import { NextResponse } from "next/server";

export const dynamic = "force-dynamic";

export async function GET(req: Request) {
  try {
    const SESSIONKEY = process.env.NEXT_PUBLIC_BASE_SESSION_KEY!;
    const TOKENKEY = process.env.NEXT_PUBLIC_BASE_TOKEN_KEY!;
    const cookieStore = cookies();

    const authHeader = req.headers.get("Authorization") || "";
    const bearerToken = authHeader.startsWith("Bearer ")
      ? authHeader.split(" ")[1]
      : undefined;

    const token = cookieStore.get(SESSIONKEY)?.value || bearerToken;

    if (!token) {
      return NextResponse.json(
        {
          success: false,
          message: "Unauthorized token not found",
        },
        { status: 401 }
      );
    }

    const decrypted = await decrypt({
      token,
      encodedKey: TOKENKEY,
    });

    if (!decrypted?.id) {
      return NextResponse.json(
        {
          success: false,
          message: "Unauthorized: invalid token data",
        },
        { status: 401 }
      );
    }

    const user = await prisma.user.findUnique({
      where: {
        id: decrypted.id,
      },
    });

    if (!user) {
      return NextResponse.json(
        {
          success: false,
          message: "User tidak ditemukan",
        },
        { status: 404 }
      );
    }

    if (!user.active) {
      return NextResponse.json(
        {
          success: false,
          message: "User belum aktif",
          data: user,
        },
        { status: 403 }
      );
    }

    return NextResponse.json({
      success: true,
      message: "Berhasil mendapatkan data",
      data: user,
    });
  } catch (error) {
    console.error("Error in user validation:", error);
    return NextResponse.json(
      {
        success: false,
        message: "Terjadi kesalahan pada server",
      },
      { status: 500 }
    );
  }
  // Removed prisma.$disconnect() from here to prevent connection pool exhaustion
  // Prisma connections are handled globally and shouldn't be disconnected on each request
}