pontus-front/app/api/admin/services/route.ts

import { db } from "@/db";
import { services, userServices, user } from "@/db/schema";
import { auth } from "@/util/auth";
import { eq, and } from "drizzle-orm";
import { NextRequest } from "next/server";
import { nanoid } from "nanoid";

export async function GET(request: NextRequest) {
  try {
    const session = await auth.api.getSession({
      headers: request.headers
    });

    if (!session || session.user.role !== 'admin') {
      return Response.json({ error: "Unauthorized" }, { status: 401 });
    }

    const allServices = await db.select({
      id: services.id,
      name: services.name,
      description: services.description,
      priceStatus: services.priceStatus,
      joinLink: services.joinLink,
      enabled: services.enabled,
      createdAt: services.createdAt,
      updatedAt: services.updatedAt
    })
    .from(services)
    .orderBy(services.name);

    const serviceAssignments = await db.select({
      serviceId: userServices.serviceId,
      userId: userServices.userId,
      userName: user.name,
      userEmail: user.email,
      grantedAt: userServices.grantedAt
    })
    .from(userServices)
    .innerJoin(user, eq(userServices.userId, user.id))
    .orderBy(user.name);

    const servicesWithUsers = allServices.map(service => ({
      ...service,
      users: serviceAssignments.filter(assignment => assignment.serviceId === service.id)
    }));

    return Response.json({ services: servicesWithUsers });
  } catch (error) {
    console.error("Error fetching services:", error);
    return Response.json({ error: "Internal server error" }, { status: 500 });
  }
}

export async function POST(request: NextRequest) {
  try {
    const session = await auth.api.getSession({
      headers: request.headers
    });

    if (!session || session.user.role !== 'admin') {
      return Response.json({ error: "Unauthorized" }, { status: 401 });
    }

    const { action, userId, serviceId } = await request.json();

    if (!action || !userId || !serviceId) {
      return Response.json({ error: "Action, user ID, and service ID are required" }, { status: 400 });
    }

    if (action === 'grant') {
      const existingAccess = await db.select()
        .from(userServices)
        .where(and(
          eq(userServices.userId, userId),
          eq(userServices.serviceId, serviceId)
        ))
        .limit(1);

      if (existingAccess.length > 0) {
        return Response.json({ error: "User already has access to this service" }, { status: 400 });
      }

      await db.insert(userServices).values({
        id: nanoid(),
        userId,
        serviceId,
        grantedBy: session.user.id,
        grantedAt: new Date(),
        createdAt: new Date()
      });

      return Response.json({ success: true, message: "Access granted" });

    } else if (action === 'revoke') {
      await db.delete(userServices)
        .where(and(
          eq(userServices.userId, userId),
          eq(userServices.serviceId, serviceId)
        ));

      return Response.json({ success: true, message: "Access revoked" });

    } else {
      return Response.json({ error: "Invalid action. Use 'grant' or 'revoke'" }, { status: 400 });
    }

  } catch (error) {
    console.error("Error managing service access:", error);
    return Response.json({ error: "Internal server error" }, { status: 500 });
  }
}

export async function PUT(request: NextRequest) {
  try {
    const session = await auth.api.getSession({
      headers: request.headers
    });

    if (!session || session.user.role !== 'admin') {
      return Response.json({ error: "Unauthorized" }, { status: 401 });
    }

    const { serviceId, enabled, priceStatus, description, joinLink } = await request.json();

    if (!serviceId) {
      return Response.json({ error: "Service ID is required" }, { status: 400 });
    }

    const updates: {
      updatedAt: Date;
      enabled?: boolean;
      priceStatus?: string;
      description?: string;
      joinLink?: string | null;
    } = {
      updatedAt: new Date()
    };

    if (typeof enabled === 'boolean') {
      updates.enabled = enabled;
    }

    if (priceStatus && ['open', 'invite-only', 'by-request'].includes(priceStatus)) {
      updates.priceStatus = priceStatus;
    }

    if (description !== undefined) {
      updates.description = description;
    }

    if (joinLink !== undefined) {
      updates.joinLink = joinLink || null;
    }

    await db.update(services)
      .set(updates)
      .where(eq(services.id, serviceId));

    return Response.json({ success: true, message: "Service updated successfully" });

  } catch (error) {
    console.error("Error updating service:", error);
    return Response.json({ error: "Internal server error" }, { status: 500 });
  }
}