export const dynamic = "force-dynamic";

import { fail, ok } from "@/lib/api";
import { enforceRateLimit } from "@/lib/rate-limit";
import { cancelSchema } from "@/lib/validators/public";
import { getRescheduleInfo } from "@/lib/services/appointments";
import { resolveTimeZone } from "@/lib/date";

export async function GET(req: Request) {
  const url = new URL(req.url);
  const parsed = cancelSchema.safeParse({ token: url.searchParams.get("token") });
  const timezone = resolveTimeZone(url.searchParams.get("timezone"));

  const limit = enforceRateLimit({
    req,
    scope: "public-reschedule-info",
    limit: 40,
    windowMs: 60_000,
    ...(parsed.success ? { keySuffix: parsed.data.token.slice(0, 12) } : {})
  });

  if (!limit.ok) {
    return fail("Zu viele Anfragen. Bitte kurz warten.", 429, {
      retryAfterSeconds: limit.retryAfterSeconds
    });
  }

  if (!parsed.success) {
    return fail("Token fehlt oder ist ungültig", 400, parsed.error.flatten());
  }

  const result = await getRescheduleInfo(parsed.data.token, timezone);
  if (!result.ok) {
    return fail(result.message, result.status);
  }

  return ok(result.data);
}