import { NextResponse } from 'next/server'
import { auth } from '@clerk/nextjs/server'
import { getDatabase } from '@/lib/database'
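/**
 * GET /api/recommendations
 *
 * Query: `userId` (optional).
 * - Without `userId`: staff only (`admin`, `superAdmin`, `trainer`); responds
 *   with `{ recommendations: [...] }` containing every recommendation.
 * - With `userId`: the caller may read their own recommendations, staff may
 *   read anyone's. Non-staff callers only receive entries whose `status` is
 *   `'approved'`. Responds with the bare array.
 *
 * The two success shapes differ (wrapped object vs. bare array); that is kept
 * as-is for existing clients.
 *
 * @returns 401 when unauthenticated, 400 when a non-staff caller omits
 *   `userId`, 403 when a non-staff caller asks for another user's data,
 *   500 on unexpected errors.
 */
export async function GET(request: Request) {
  try {
    const { userId: currentUserId } = await auth()
    if (!currentUserId) {
      return new NextResponse('Unauthorized', { status: 401 })
    }

    const { searchParams } = new URL(request.url)
    const targetUserId = searchParams.get('userId')

    const db = await getDatabase()
    // Resolve the caller's role once; both branches below depend on it.
    const currentUser = await db.getUserById(currentUserId)
    const role = currentUser?.role
    const isStaff = role === 'admin' || role === 'superAdmin' || role === 'trainer'

    // No userId: staff get the full list, everyone else must name a user.
    if (!targetUserId) {
      if (!isStaff) {
        return new NextResponse('User ID is required', { status: 400 })
      }
      const recommendations = await db.getAllRecommendations()
      return NextResponse.json({ recommendations })
    }

    // Users may view their own recommendations; staff may view anyone's.
    if (currentUserId !== targetUserId && !isStaff) {
      return new NextResponse('Forbidden', { status: 403 })
    }

    let recommendations = await db.getRecommendationsByUserId(targetUserId)
    // Non-staff users only ever see approved recommendations.
    if (!isStaff) {
      recommendations = recommendations.filter(
        (rec: { status?: string }) => rec.status === 'approved'
      )
    }
    return NextResponse.json(recommendations)
  } catch (error) {
    console.error('Error fetching recommendations:', error)
    return new NextResponse('Internal Server Error', { status: 500 })
  }
}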
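/**
 * POST /api/recommendations
 *
 * Staff-only (`admin`, `superAdmin`, `trainer`). Creates a recommendation for
 * the user named by `body.userId`. Two payload shapes are accepted:
 * - AI plan (legacy): `recommendationText`, `activityPlan`, `dietPlan` and
 *   `fitnessProfileId` all present → stored with `type: 'ai_plan'` and the
 *   text as `content`.
 * - Generic: `type` and `content` present.
 * `status` defaults to `'pending'` when not supplied.
 *
 * @returns the created recommendation as JSON; 401 when unauthenticated,
 *   403 for non-staff callers, 400 for a malformed body, a missing `userId`
 *   or a payload matching neither shape, 500 on unexpected errors.
 */
export async function POST(request: Request) {
  try {
    const { userId: currentUserId } = await auth()
    if (!currentUserId) {
      return new NextResponse('Unauthorized', { status: 401 })
    }

    const db = await getDatabase()
    // Only staff may create recommendations (for any user).
    const currentUser = await db.getUserById(currentUserId)
    const role = currentUser?.role
    const isStaff = role === 'admin' || role === 'superAdmin' || role === 'trainer'
    if (!isStaff) {
      return new NextResponse('Forbidden', { status: 403 })
    }

    // A body that is not valid JSON (or not an object) is a client error, not a 500.
    const body = await request.json().catch(() => undefined)
    if (!body || typeof body !== 'object') {
      return new NextResponse('Invalid JSON body', { status: 400 })
    }
    const { userId, fitnessProfileId, recommendationText, activityPlan, dietPlan, status, type, content } = body

    // Every recommendation must belong to a user; previously an absent userId
    // was stored as undefined.
    if (typeof userId !== 'string' || !userId) {
      return new NextResponse('User ID is required', { status: 400 })
    }

    // AI plan (legacy/specific payload).
    if (recommendationText && activityPlan && dietPlan && fitnessProfileId) {
      const recommendation = await db.createRecommendation({
        id: crypto.randomUUID(),
        userId,
        fitnessProfileId,
        type: 'ai_plan',
        content: recommendationText,
        activityPlan,
        dietPlan,
        status: status || 'pending',
      })
      return NextResponse.json(recommendation)
    }

    // User goal (generic payload).
    if (type && content) {
      const recommendation = await db.createRecommendation({
        id: crypto.randomUUID(),
        userId,
        type,
        content,
        status: status || 'pending',
      })
      return NextResponse.json(recommendation)
    }

    // Plain-text error, matching the other error responses in this route.
    return new NextResponse('Missing required fields', { status: 400 })
  } catch (error) {
    console.error('Error creating recommendation:', error)
    return new NextResponse('Internal Server Error', { status: 500 })
  }
}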
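/**
 * PUT /api/recommendations
 *
 * Staff-only (`admin`, `superAdmin`, `trainer`), matching POST. Applies a
 * partial update to the recommendation identified by `body.id`. Only the
 * fields present in the body are written: `status`, `content` (the legacy
 * `recommendationText` is mapped to `content`; an explicit `content` wins
 * when both are sent), `activityPlan` and `dietPlan`.
 *
 * @returns the updated recommendation as JSON; 401 when unauthenticated,
 *   403 for non-staff callers, 400 for a malformed body, a missing `id` or
 *   an empty patch, 500 on unexpected errors.
 */
export async function PUT(request: Request) {
  try {
    const { userId: currentUserId } = await auth()
    if (!currentUserId) {
      return new NextResponse('Unauthorized', { status: 401 })
    }

    const db = await getDatabase()
    // Same gate as POST. Without it any signed-in user could update any
    // recommendation id — including setting status 'approved', which would
    // bypass the approved-only filtering GET applies to non-staff readers.
    const currentUser = await db.getUserById(currentUserId)
    const role = currentUser?.role
    const isStaff = role === 'admin' || role === 'superAdmin' || role === 'trainer'
    if (!isStaff) {
      return new NextResponse('Forbidden', { status: 403 })
    }

    // A body that is not valid JSON (or not an object) is a client error, not a 500.
    const body = await request.json().catch(() => undefined)
    if (!body || typeof body !== 'object') {
      return new NextResponse('Invalid JSON body', { status: 400 })
    }
    const { id, status, recommendationText, activityPlan, dietPlan, content } = body
    if (typeof id !== 'string' || !id) {
      return new NextResponse('Recommendation ID is required', { status: 400 })
    }

    // Build the patch from the fields actually sent. `content` is spread after
    // the legacy `recommendationText` alias, so it takes precedence.
    const patch = {
      ...(status && { status }),
      ...(recommendationText && { content: recommendationText }),
      ...(content && { content }),
      ...(activityPlan && { activityPlan }),
      ...(dietPlan && { dietPlan }),
    }
    if (Object.keys(patch).length === 0) {
      return new NextResponse('No updatable fields provided', { status: 400 })
    }

    const updated = await db.updateRecommendation(id, patch)
    return NextResponse.json(updated)
  } catch (error) {
    console.error('Error updating recommendation:', error)
    return new NextResponse('Internal Server Error', { status: 500 })
  }
}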