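import { NextRequest, NextResponse } from 'next/server';
import { authLimiter } from '@/lib/middleware/rateLimiter';

/**
 * Password reset request endpoint.
 *
 * Flow: apply the shared auth rate limiter, validate the request body, then
 * forward `{ email }` to the backend password-reset API and relay its JSON
 * response and status code to the caller.
 *
 * Rate limiting is delegated to `authLimiter`, which is defined elsewhere; the
 * original author documents it as 5 attempts per 15 minutes per IP.
 * NOTE(review): a per-IP limit does not bound how many reset mails a single
 * address can receive from many clients; confirm the backend throttles per
 * account as well.
 *
 * @param request - Incoming request; the body is expected to be JSON with a
 *   string `email` field.
 * @returns The limiter's response when the limit is hit, a 400 response for a
 *   malformed body, the backend's JSON and status otherwise, or a generic 500
 *   response if forwarding fails.
 */
export async function POST(request: NextRequest) {
  // The limiter returns a response when the caller must be rejected,
  // and a falsy value when the request may proceed.
  const rateLimitResult = await authLimiter(request);
  if (rateLimitResult) return rateLimitResult;

  // Commonly cited upper bound for the length of an email address; rejects
  // oversized values before they are forwarded upstream.
  const maxEmailLength = 254;

  // Same error code as the generic failure so existing clients keep matching
  // on it; only the status and message distinguish a bad request.
  const badRequest = () =>
    NextResponse.json(
      {
        error: 'AUTH_PASSWORD_RESET_FAILED',
        message: 'A valid email address is required.',
      },
      { status: 400 }
    );

  // Malformed JSON is a client error, not a server failure.
  let body: unknown;
  try {
    body = await request.json();
  } catch {
    return badRequest();
  }

  // The body is untrusted: it may be null, an array, or carry a non-string
  // `email`. Only a non-empty string of bounded length is forwarded.
  const email =
    typeof body === 'object' && body !== null
      ? (body as { email?: unknown }).email
      : undefined;
  if (
    typeof email !== 'string' ||
    email.trim() === '' ||
    email.length > maxEmailLength
  ) {
    return badRequest();
  }

  try {
    // TODO: Implement actual password reset logic
    // This is a placeholder - actual password reset will be handled by backend
    // For now, forward to backend API
    //
    // NOTE(review): NEXT_PUBLIC_* variables are inlined into the client bundle
    // by Next.js, and the fallback is plain HTTP on localhost. For deployed
    // environments the backend URL should be set explicitly and use HTTPS.
    const backendUrl =
      process.env.NEXT_PUBLIC_API_URL || 'http://localhost:3020';

    const response = await fetch(`${backendUrl}/api/v1/auth/password-reset`, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({ email }),
    });

    const data = await response.json();

    // NOTE(review): the backend body and status are relayed verbatim. If the
    // backend answers differently for known and unknown addresses, this route
    // discloses which accounts exist; confirm the backend responds uniformly.
    if (!response.ok) {
      return NextResponse.json(data, { status: response.status });
    }

    return NextResponse.json(data, { status: 200 });
  } catch (error) {
    // Covers network failures and non-JSON backend replies. The detail is
    // logged server-side only; the client gets a generic message.
    console.error('[Auth] Password reset error:', error);
    return NextResponse.json(
      {
        error: 'AUTH_PASSWORD_RESET_FAILED',
        message: 'Password reset request failed. Please try again.',
      },
      { status: 500 }
    );
  }
}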