web/app/api/users/delete/route.ts


import { NextResponse } from "next/server"
import { auth } from "@/auth"
import { prisma } from "@/lib/prisma"
import { verifyOTP } from "@/lib/otp"
import { syncUserWithNextcloud, deleteNextcloudUser } from "@/lib/nextcloud"
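/**
 * Handles the two-step account deletion flow for the signed-in user.
 *
 * The JSON body carries `otp` and an optional `step`:
 * - no step or `"nextcloud"`: resolves the user's Nextcloud id and deletes that account;
 * - `"database"`: deletes the user's OTP rows, OTP requests and the user record.
 *
 * Security notes:
 * - The OTP is verified before EITHER step, so a hijacked or unattended session alone
 *   cannot trigger the destructive database step by sending `step: "database"` with no OTP.
 * - Raw exception messages are logged server-side only; the response carries a generic
 *   `details` string so database/service internals are not disclosed to the client.
 *
 * @param request Incoming request whose JSON body is `{ otp, step? }`.
 * @returns A JSON response with `success`, a message or error, and a per-step `steps` status.
 */
export async function POST(request: Request) {
  const session = await auth()
  const sessionEmail = session?.user?.email
  if (!sessionEmail) {
    return NextResponse.json({ success: false, error: "Unauthorized" }, { status: 401 })
  }

  // A malformed or non-JSON body must produce a 400 instead of an unhandled rejection.
  let body: unknown
  try {
    body = await request.json()
  } catch {
    return NextResponse.json({ success: false, error: "Invalid request body" }, { status: 400 })
  }
  const { otp, step } = (body ?? {}) as { otp?: unknown; step?: unknown }

  // The account is always resolved from the session, never from the request body.
  const user = await prisma.user.findUnique({
    where: { email: sessionEmail }
  })
  if (!user) {
    return NextResponse.json({ success: false, error: "User not found" }, { status: 404 })
  }

  const isNextcloudStep = !step || step === 'nextcloud'
  const isDatabaseStep = step === 'database'
  if (!isNextcloudStep && !isDatabaseStep) {
    return NextResponse.json({
      success: false,
      error: "Invalid step specified",
      steps: {
        nextcloud: { status: 'pending', message: 'Not started' },
        database: { status: 'pending', message: 'Not started' }
      }
    }, { status: 400 })
  }

  // Only primitives are accepted: verifyOTP's lookup is not visible here, and an object-valued
  // `otp` from the JSON body must never reach a query filter.
  const otpCode = typeof otp === "number" && Number.isFinite(otp) ? String(otp) : otp
  if (typeof otpCode !== "string" || otpCode.length === 0) {
    return NextResponse.json({ success: false, error: "OTP is required" }, { status: 400 })
  }

  // Step-up check gating both destructive steps.
  // NOTE(review): if verifyOTP consumes the code on success, the client needs a fresh OTP for the
  // database step, or the server must record that step one completed. Confirm against lib/otp.
  // NOTE(review): no attempt limiting is visible in this handler; confirm verifyOTP enforces it.
  const isOTPValid = await verifyOTP(user.id, otpCode)
  if (!isOTPValid) {
    return NextResponse.json({ success: false, error: "Invalid OTP" }, { status: 401 })
  }

  if (isNextcloudStep) {
    try {
      const nextcloudId = await syncUserWithNextcloud(user.email, true) // true bypasses the cache
      if (!nextcloudId) {
        console.log("[i] No Nextcloud ID found for user, skipping Nextcloud deletion")
        // `success` stays false here: the overall deletion is not finished until the database step.
        return NextResponse.json({
          success: false,
          message: "No Nextcloud account found, skipping Nextcloud deletion",
          steps: {
            nextcloud: { status: 'success', message: 'No Nextcloud account found' },
            database: { status: 'pending', message: 'Not started' }
          }
        }, { status: 200 })
      }

      const nextcloudDeleted = await deleteNextcloudUser(nextcloudId)
      if (!nextcloudDeleted) {
        console.error("[!] Failed to delete user from Nextcloud")
        return NextResponse.json({
          success: false,
          error: "Failed to delete user from Nextcloud",
          details: "The Nextcloud service is currently unavailable or the user could not be deleted. Please try again later or contact support.",
          steps: {
            nextcloud: { status: 'error', message: 'Failed to delete Nextcloud account' },
            database: { status: 'pending', message: 'Not started' }
          }
        }, { status: 500 })
      }

      return NextResponse.json({
        success: false,
        message: "Nextcloud account deleted successfully",
        steps: {
          nextcloud: { status: 'success', message: 'Nextcloud account deleted' },
          database: { status: 'pending', message: 'Not started' }
        }
      }, { status: 200 })
    } catch (error) {
      // Full error goes to the server log only.
      console.error("[!] Error in Nextcloud deletion:", error)
      return NextResponse.json({
        success: false,
        error: "Failed to delete Nextcloud account",
        details: "An internal error occurred. Please try again later or contact support.",
        steps: {
          nextcloud: { status: 'error', message: 'Error during Nextcloud deletion' },
          database: { status: 'pending', message: 'Not started' }
        }
      }, { status: 500 })
    }
  }

  // Database step.
  // NOTE(review): the server does not track whether the Nextcloud step actually ran; the
  // 'Completed' Nextcloud status below relies on the client calling the steps in order.
  try {
    // One transaction, so a failure cannot leave the user row behind with its OTP records gone.
    await prisma.$transaction([
      prisma.oTP.deleteMany({
        where: { userId: user.id }
      }),
      prisma.oTPRequest.deleteMany({
        where: { userId: user.id }
      }),
      prisma.user.delete({
        where: { id: user.id }
      })
    ])
    return NextResponse.json({
      success: true,
      message: "User deleted successfully",
      steps: {
        nextcloud: { status: 'success', message: 'Completed' },
        database: { status: 'success', message: 'Completed' }
      }
    }, { status: 200 })
  } catch (dbError) {
    // Database error text can reveal schema details, so it is logged but not returned.
    console.error("[!] Database deletion error:", dbError)
    return NextResponse.json({
      success: false,
      error: "Failed to delete user from database",
      details: "An internal database error occurred. Please try again later or contact support.",
      steps: {
        nextcloud: { status: 'success', message: 'Completed' },
        database: { status: 'error', message: 'Failed to delete database records' }
      }
    }, { status: 500 })
  }
}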