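import { NextResponse } from "next/server";
import { prisma } from "../../../lib/prisma";
import { isAdminSession, requireSession } from "../../../lib/auth-helpers";

/**
 * Normalises an optional free-text field taken from the request body.
 *
 * @returns `null` for any falsy value (missing, empty string, ...), the
 *   string itself for a non-empty string, and `undefined` when the value has
 *   the wrong type and the request should be rejected.
 */
function readOptionalText(value: unknown): string | null | undefined {
  if (!value) {
    return null;
  }
  return typeof value === "string" ? value : undefined;
}

/**
 * Converts a client-supplied timestamp into a `Date`.
 *
 * @returns the parsed date, or `null` when the value is neither a string nor
 *   a number or does not parse to a valid date.
 */
function readDate(value: unknown): Date | null {
  if (typeof value !== "string" && typeof value !== "number") {
    return null;
  }
  const parsed = new Date(value);
  return Number.isNaN(parsed.getTime()) ? null : parsed;
}

/**
 * Lists events, ordered by start time.
 *
 * Admin sessions see every event and may narrow the list with the `status`
 * query parameter. Every other session sees approved events plus the events
 * created by its own e-mail address; `status` is ignored for them.
 *
 * @returns 401 without a session, otherwise the matching events as JSON.
 */
export async function GET(request: Request) {
  const { session } = await requireSession();
  if (!session) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  const { searchParams } = new URL(request.url);
  const status = searchParams.get("status");

  // NOTE(review): `status` reaches the query unvalidated. If the column is an
  // enum in the Prisma schema, an unknown value presumably fails inside
  // Prisma; consider checking it against the allowed statuses first.
  const where = isAdminSession(session)
    ? status
      ? { status }
      : {}
    : {
        // The visibility rule for non-admins is enforced in the query itself.
        OR: [
          { status: "APPROVED" },
          { createdBy: { email: session.user?.email || "" } }
        ]
      };

  const events = await prisma.event.findMany({
    where,
    orderBy: { startAt: "asc" }
  });
  return NextResponse.json(events);
}

/**
 * Creates an event owned by the calling user.
 *
 * Only `title`, `description`, `location`, `startAt` and `endAt` are read from
 * the body. The status is assigned on the server: "APPROVED" for admin
 * sessions, "PENDING" for everyone else, so a client cannot approve its own
 * event.
 *
 * @returns 401 without a usable session, 400 for a malformed or incomplete
 *   body, otherwise 201 with the created event.
 */
export async function POST(request: Request) {
  const { session } = await requireSession();
  if (!session) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  // A session without an e-mail cannot be connected to a creator record;
  // answer 401 here rather than letting the `connect` below fail.
  const creatorEmail = session.user?.email;
  if (!creatorEmail) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  // The body is untrusted: a malformed payload is a client error, not a crash.
  let payload: unknown;
  try {
    payload = await request.json();
  } catch {
    return NextResponse.json(
      { error: "Ungültiger JSON-Body." },
      { status: 400 }
    );
  }

  const fields = (
    payload && typeof payload === "object" ? payload : {}
  ) as Record<string, unknown>;
  const { title, description, location, startAt, endAt } = fields;

  if (!title || !startAt || !endAt) {
    return NextResponse.json(
      { error: "Titel, Start und Ende sind erforderlich." },
      { status: 400 }
    );
  }

  const descriptionText = readOptionalText(description);
  const locationText = readOptionalText(location);
  if (
    typeof title !== "string" ||
    descriptionText === undefined ||
    locationText === undefined
  ) {
    return NextResponse.json(
      { error: "Titel, Beschreibung und Ort müssen Text sein." },
      { status: 400 }
    );
  }

  // NOTE(review): an `endAt` earlier than `startAt` is still accepted; confirm
  // whether such events should be rejected.
  const startDate = readDate(startAt);
  const endDate = readDate(endAt);
  if (!startDate || !endDate) {
    return NextResponse.json(
      { error: "Start und Ende müssen gültige Datumsangaben sein." },
      { status: 400 }
    );
  }

  const event = await prisma.event.create({
    data: {
      title,
      description: descriptionText,
      location: locationText,
      startAt: startDate,
      endAt: endDate,
      status: isAdminSession(session) ? "APPROVED" : "PENDING",
      createdBy: { connect: { email: creatorEmail } }
    }
  });
  return NextResponse.json(event, { status: 201 });
}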