import { NextResponse } from 'next/server';
import { revalidateTag, revalidatePath } from 'next/cache';
import { withErrorHandler } from '@server/middleware/withErrorHandler';
import { withAuth, AuthedRequest } from '@server/middleware/withAuth';
import { ForbiddenError, ValidationError } from '@server/errors';
import { db, platformSettings } from '@server/db/drizzle';
import { sql, inArray } from 'drizzle-orm';

const BRANDING_KEYS = ['site_logo_url', 'site_favicon_url', 'site_primary_color', 'site_font_family', 'site_title', 'site_tagline', 'site_support_email', 'site_marketing_url'] as const;
type BrandingKey = typeof BRANDING_KEYS[number];

export const GET = withErrorHandler(
  withAuth(async (req: AuthedRequest) => {
    if (req.session.role !== 'superadmin' && req.session.role !== 'support') {
      throw new ForbiddenError();
    }

    const rows = await db.select({ key: platformSettings.key, value: platformSettings.value })
      .from(platformSettings)
      .where(inArray(platformSettings.key, [...BRANDING_KEYS]));

    const branding: Record<string, string> = {};
    for (const row of rows) {
      const v = row.value;
      branding[row.key] = typeof v === 'string' ? v : JSON.parse(JSON.stringify(v));
    }
    return NextResponse.json({ branding });
  })
);

export const POST = withErrorHandler(
  withAuth(async (req: AuthedRequest) => {
    if (req.session.role !== 'superadmin' && req.session.role !== 'support') {
      throw new ForbiddenError();
    }
    let body: Record<string, string>;
    try {
      body = await req.json() as Record<string, string>;
    } catch {
      throw new ValidationError('Request body must be valid JSON');
    }
    const updates: { key: BrandingKey; value: string }[] = [];
    for (const key of BRANDING_KEYS) {
      if (key in body) {
        updates.push({ key, value: body[key] });
      }
    }
    if (updates.length === 0) {
      throw new ValidationError('No valid branding keys provided');
    }

    for (const { key, value } of updates) {
      await db.execute(sql`
        INSERT INTO public.platform_settings (key, value, updated_by, updated_at)
        VALUES (${key}, ${JSON.stringify(value)}::jsonb, ${req.session.userId}, now())
        ON CONFLICT (key) DO UPDATE SET value = ${JSON.stringify(value)}::jsonb, updated_by = ${req.session.userId}, updated_at = now()
      `);
    }
    revalidateTag('branding');
    revalidatePath('/favicon.ico');
    return NextResponse.json({ ok: true });
  })
);