/**
 * Proxmox BFF API routes — proxies browser requests to the Cloudflare
 * Access protected Proxmox API using a server-side service token.
 *
 * These routes intentionally expose a **narrow, safelisted** surface to
 * the browser — we don't want to proxy arbitrary Proxmox endpoints.
 *
 * Current endpoints:
 *   GET /api/proxmox/health          — upstream reachability check
 *   GET /api/proxmox/cluster/status  — aggregated cluster node status
 */
import type { Request, Response } from "express";
import { getClusterHealth, isProxmoxConfigured, readProxmoxEnv } from "../integrations/proxmox";

export async function proxmoxHealth(_req: Request, res: Response) {
  const env = readProxmoxEnv();
  if (!isProxmoxConfigured(env)) {
    return res.status(503).json({
      status: "unconfigured",
      message:
        "PROXMOX_API_URL / PROXMOX_CF_ACCESS_CLIENT_ID / PROXMOX_CF_ACCESS_CLIENT_SECRET not set on the orchestrator.",
      required: ["PROXMOX_API_URL", "PROXMOX_CF_ACCESS_CLIENT_ID", "PROXMOX_CF_ACCESS_CLIENT_SECRET"],
    });
  }
  return res.json({ status: "configured", baseUrl: env.baseUrl });
}

export async function proxmoxClusterStatus(_req: Request, res: Response) {
  const env = readProxmoxEnv();
  if (!isProxmoxConfigured(env)) {
    return res.status(503).json({
      status: "unconfigured",
      online: false,
      nodes: [],
      message: "Proxmox BFF not configured. See GET /api/proxmox/health for required env vars.",
    });
  }
  const health = await getClusterHealth();
  return res.status(health.online ? 200 : 502).json(health);
}