import { NextRequest, NextResponse } from 'next/server';
import { eq } from 'drizzle-orm';
import { db, wishlists } from '@/lib/db';
import { getGuestFromRequest, verifyAdminToken } from '@/lib/auth/tokens';

export async function GET(
  request: NextRequest,
  { params }: { params: Promise<{ slug: string }> }
) {
  try {
    const { slug } = await params;
    const isAdmin = verifyAdminToken(request);
    const guest = await getGuestFromRequest(request);

    const wishlist = await db
      .select()
      .from(wishlists)
      .where(eq(wishlists.slug, slug))
      .limit(1);

    if (wishlist.length === 0) {
      return NextResponse.json(
        { error: 'Wishlist not found' },
        { status: 404 }
      );
    }

    // Public wishlists can be viewed anonymously; private wishlists require admin or guest access.
    if (!wishlist[0].isPublic && !isAdmin && !guest) {
      return NextResponse.json(
        { error: 'Convite necessário' },
        { status: 401 }
      );
    }

    return NextResponse.json({
      success: true,
      wishlist: wishlist[0],
    });
  } catch (error) {
    console.error('Error fetching wishlist by slug:', error);
    return NextResponse.json(
      { error: 'Failed to fetch wishlist' },
      { status: 500 }
    );
  }
}