// Astro route option: do not prerender this endpoint at build time, so each
// request is handled by the handlers exported from this file.
export const prerender = false;
import type { APIContext } from 'astro';
import { isAuthenticated, ADMIN_COOKIE } from '@admin/lib/admin-auth';
// Shape of the runtime environment the handlers read from `locals.runtime.env`;
// `DB` is the D1 database handle every query in this file goes through.
interface Env { DB: D1Database }

/**
 * Build a JSON HTTP response.
 *
 * @param data - Value to serialise with `JSON.stringify` as the response body.
 * @param status - HTTP status code; defaults to 200.
 * @returns A `Response` whose `Content-Type` is `application/json`.
 */
function json(data: unknown, status = 200) {
  const payload = JSON.stringify(data);
  const init = { status, headers: { 'Content-Type': 'application/json' } };
  return new Response(payload, init);
}

/**
 * GET /api/admin/genres/[id] - single genre with all aliases.
 *
 * Responds 503 when no database binding is available, 401 when the admin
 * cookie does not pass `isAuthenticated`, 404 when no genre row matches the
 * id, and otherwise 200 with `{ genre, aliases }`.
 *
 * The id from the URL only ever reaches SQL as a bound parameter.
 */
export async function GET({ params, locals, cookies }: APIContext) {
  const database = (locals.runtime as { env: Env } | undefined)?.env?.DB;
  if (!database) {
    return json({ error: 'no db' }, 503);
  }

  // Authentication is delegated to the imported helper; what it checks is not
  // visible from this file.
  const sessionCookie = cookies.get(ADMIN_COOKIE)?.value;
  const authorised = await isAuthenticated(sessionCookie, database);
  if (!authorised) {
    return json({ error: 'unauthorized' }, 401);
  }

  const genreId = params.id;

  // SELECT * returns every column of the genres row to the caller.
  const genreRow = await database
    .prepare('SELECT * FROM genres WHERE id = ?')
    .bind(genreId)
    .first();
  if (!genreRow) {
    return json({ error: 'not found' }, 404);
  }

  const aliasQuery = database
    .prepare('SELECT alias, locale FROM genre_aliases WHERE genre_id = ? ORDER BY locale, alias')
    .bind(genreId);
  const { results } = await aliasQuery.all();

  return json({ genre: genreRow, aliases: results });
}

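/**
 * PUT /api/admin/genres/[id] - update genre names/sort_order.
 *
 * Body: any subset of `{ name_en, name_ar, name_ku, sort_order }`. Other keys
 * are ignored. Name fields must be strings and `sort_order` a finite number;
 * `null` is passed through to the database for any of them.
 *
 * Responds 503 without a database binding, 401 when the admin cookie does not
 * pass `isAuthenticated`, 400 for malformed JSON, a non-object body, a value
 * of the wrong type or a body with no updatable field, and otherwise 200 with
 * `{ ok: true }` (also when no row matched the id).
 *
 * NOTE(review): authentication is cookie-based and this route changes state;
 * confirm that CSRF defences (SameSite on the admin cookie and/or an Origin
 * check) cover it - none is visible in this file.
 */
export async function PUT({ params, locals, cookies, request }: APIContext) {
  const runtime = locals.runtime as { env: Env } | undefined;
  const db = runtime?.env?.DB;
  if (!db) return json({ error: 'no db' }, 503);
  if (!await isAuthenticated(cookies.get(ADMIN_COOKIE)?.value, db)) return json({ error: 'unauthorized' }, 401);

  // The body is untrusted: a parse failure must be a 400, not an unhandled
  // rejection, and `null` or an array must not reach the field loop.
  let body: unknown;
  try {
    body = await request.json();
  } catch {
    return json({ error: 'invalid json' }, 400);
  }
  if (typeof body !== 'object' || body === null || Array.isArray(body)) {
    return json({ error: 'no valid fields' }, 400);
  }
  const fields = body as Record<string, unknown>;

  // Column names interpolated into the UPDATE below come only from this fixed
  // allow-list, never from request keys; values are always bound parameters.
  const allowed = ['name_en', 'name_ar', 'name_ku', 'sort_order'] as const;
  const columns: string[] = [];
  const values: (string | number | null)[] = [];

  for (const column of allowed) {
    if (!Object.prototype.hasOwnProperty.call(fields, column)) continue;
    const value = fields[column];

    let bound: string | number | null;
    if (value === null) {
      bound = null;
    } else if (column === 'sort_order') {
      if (typeof value !== 'number' || !Number.isFinite(value)) {
        return json({ error: `invalid value for ${column}` }, 400);
      }
      bound = value;
    } else {
      if (typeof value !== 'string') {
        return json({ error: `invalid value for ${column}` }, 400);
      }
      bound = value;
    }

    columns.push(column);
    values.push(bound);
  }
  if (columns.length === 0) return json({ error: 'no valid fields' }, 400);

  const setClauses = columns.map(k => `${k} = ?`).join(', ');
  await db.prepare(`UPDATE genres SET ${setClauses} WHERE id = ?`)
    .bind(...values, params.id).run();

  return json({ ok: true });
}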

/**
 * DELETE /api/admin/genres/[id] - delete one genre row.
 *
 * Responds 503 without a database binding, 401 when the admin cookie does not
 * pass `isAuthenticated`, and otherwise 200 with `{ ok: true }` whether or not
 * a row matched the id.
 *
 * NOTE(review): rows in `genre_aliases` that reference this id are not removed
 * here; confirm the schema cascades the delete, otherwise aliases are orphaned.
 * NOTE(review): authentication is cookie-based and this route changes state;
 * confirm that CSRF defences (SameSite on the admin cookie and/or an Origin
 * check) cover it - none is visible in this file.
 */
export async function DELETE({ params, locals, cookies }: APIContext) {
  const database = (locals.runtime as { env: Env } | undefined)?.env?.DB;
  if (!database) {
    return json({ error: 'no db' }, 503);
  }

  const sessionCookie = cookies.get(ADMIN_COOKIE)?.value;
  const authorised = await isAuthenticated(sessionCookie, database);
  if (!authorised) {
    return json({ error: 'unauthorized' }, 401);
  }

  // The id from the URL is passed as a bound parameter, never concatenated.
  const statement = database.prepare('DELETE FROM genres WHERE id = ?').bind(params.id);
  await statement.run();

  return json({ ok: true });
}

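/**
 * PATCH /api/admin/genres/[id] - alias management.
 *
 * Body: `{ action: 'add'|'remove', alias: string, locale?: string }`
 *
 * The alias is lower-cased and trimmed before use. `add` inserts it for the
 * genre in the URL; `remove` deletes it only from that same genre.
 *
 * Responds 503 without a database binding, 401 when the admin cookie does not
 * pass `isAuthenticated`, 400 for malformed JSON or invalid fields, 409 when
 * the insert fails, and otherwise 200 with `{ ok: true }`.
 *
 * NOTE(review): authentication is cookie-based and this route changes state;
 * confirm that CSRF defences (SameSite on the admin cookie and/or an Origin
 * check) cover it - none is visible in this file.
 */
export async function PATCH({ params, locals, cookies, request }: APIContext) {
  const runtime = locals.runtime as { env: Env } | undefined;
  const db = runtime?.env?.DB;
  if (!db) return json({ error: 'no db' }, 503);
  if (!await isAuthenticated(cookies.get(ADMIN_COOKIE)?.value, db)) return json({ error: 'unauthorized' }, 401);

  // The body is untrusted: a parse failure or a `null` body must be a 400
  // rather than an unhandled exception.
  let body: unknown;
  try {
    body = await request.json();
  } catch {
    return json({ error: 'invalid json' }, 400);
  }
  if (typeof body !== 'object' || body === null) {
    return json({ error: 'action and alias required' }, 400);
  }

  const { action, alias, locale } = body as { action?: unknown; alias?: unknown; locale?: unknown };
  if (!action || !alias) return json({ error: 'action and alias required' }, 400);
  // A non-string alias would otherwise throw on toLowerCase() below.
  if (typeof alias !== 'string') return json({ error: 'alias must be a string' }, 400);

  let localeValue: string | null = null;
  if (locale != null) {
    if (typeof locale !== 'string') return json({ error: 'locale must be a string' }, 400);
    localeValue = locale;
  }

  const normalized = alias.toLowerCase().trim();
  if (!normalized) return json({ error: 'alias cannot be empty' }, 400);

  if (action === 'add') {
    try {
      await db.prepare(`INSERT INTO genre_aliases (alias, genre_id, locale) VALUES (?, ?, ?)`)
        .bind(normalized, params.id, localeValue).run();
    } catch (e: unknown) {
      // Keep the raw database message in the server log only; echoing it to
      // the client exposes table and constraint names.
      // NOTE(review): every insert failure is reported as 409, as before;
      // failures that are not constraint conflicts are not distinguished.
      const msg = e instanceof Error ? e.message : String(e);
      console.error('genre alias insert failed:', msg);
      return json({ error: 'alias could not be added (it may already exist)' }, 409);
    }
  } else if (action === 'remove') {
    // Scope the delete to the genre named in the URL so that a request for one
    // genre cannot remove an alias that belongs to another.
    await db.prepare('DELETE FROM genre_aliases WHERE alias = ? AND genre_id = ?')
      .bind(normalized, params.id).run();
  } else {
    return json({ error: 'unknown action' }, 400);
  }

  return json({ ok: true });
}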
