import { NextRequest, NextResponse } from 'next/server'
import { db } from '@/lib/db'
import { requireAuth } from '@/lib/api-auth'

export async function GET(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    const authResult = await requireAuth()(request)
    if ('error' in authResult) return authResult.error

    const { user } = authResult
    const { id } = await params

    const review = await db.review.findFirst({
      where: { id, deletedAt: null },
      include: {
        customer: { select: { id: true, name: true, email: true, phone: true } },
        assignedTo: { select: { id: true, name: true, email: true } },
        photos: { orderBy: { uploadedAt: 'asc' } },
        responses: {
          include: {
            supervisor: { select: { id: true, name: true, email: true } },
          },
          orderBy: { createdAt: 'desc' },
        },
      },
    })

    if (!review) {
      return NextResponse.json(
        { error: 'Reseña no encontrada' },
        { status: 404 }
      )
    }

    // CUSTOMER can only see their own reviews
    if (user.role === 'CUSTOMER' && review.customerId !== user.id) {
      return NextResponse.json(
        { error: 'Acceso denegado' },
        { status: 403 }
      )
    }

    if (user.role === 'CUSTOMER') {
      const filteredReview = {
        ...review,
        responses: review.responses.map(r => ({
          id: r.id,
          reviewId: r.reviewId,
          supervisorId: r.supervisorId,
          supervisor: r.supervisor,
          responseToClient: r.responseToClient,
          createdAt: r.createdAt,
        })),
      }
      return NextResponse.json({ review: filteredReview })
    }

    return NextResponse.json({ review })
  } catch (error) {
    console.error('Error al obtener reseña:', error)
    return NextResponse.json(
      { error: 'Error interno del servidor' },
      { status: 500 }
    )
  }
}

export async function DELETE(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    const authResult = await requireAuth(['MANAGER', 'ADMIN'])(request)
    if ('error' in authResult) return authResult.error

    const { id } = await params

    const review = await db.review.findFirst({ where: { id, deletedAt: null } })

    if (!review) {
      return NextResponse.json(
        { error: 'Reseña no encontrada' },
        { status: 404 }
      )
    }

    // Soft delete: mark the review as deleted
    await db.review.update({ where: { id }, data: { deletedAt: new Date() } })

    return NextResponse.json({ message: 'Reseña eliminada exitosamente' })
  } catch (error) {
    console.error('Error al eliminar reseña:', error)
    return NextResponse.json(
      { error: 'Error interno del servidor' },
      { status: 500 }
    )
  }
}
