import { NextRequest, NextResponse } from 'next/server'

export async function GET(request: NextRequest) {
  const { searchParams } = new URL(request.url)
  const secret = searchParams.get('secret')
  const id = searchParams.get('id')

  // Check the secret and next parameters
  // This secret should be only known to this API route and the CMS
  if (secret !== process.env.PREVIEW_SECRET || !id) {
    return NextResponse.json({ message: 'Invalid token' }, { status: 401 })
  }

  // Enable Preview Mode by setting the cookies
  const res = NextResponse.next()
  res.cookies.set('__prerender_bypass', process.env.PRERENDER_BYPASS_TOKEN || '')
  res.cookies.set('__next_preview_data', process.env.PREVIEW_DATA_TOKEN || '')

  // Redirect to the path from the fetched post
  // We don't redirect to searchParams.slug as that might lead to open redirect vulnerabilities
  return NextResponse.redirect(new URL(`/product/${id}`, request.url))
}