chadebebe/app/api/wishlists/[id]/items/route.ts

import { NextRequest, NextResponse } from 'next/server';
import { eq, and, desc } from 'drizzle-orm';
import { db, wishlistItems, wishlists } from '@/lib/db';
import { verifyAdminToken, getGuestFromRequest } from '@/lib/auth/tokens';
import { attachClaimsToItems } from '@/lib/items-with-claims';

export async function GET(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    const { id } = await params;

    const isAdmin = verifyAdminToken(request);
    const guest = await getGuestFromRequest(request);
    if (!isAdmin && !guest) {
      return NextResponse.json({ error: 'Convite necessário' }, { status: 401 });
    }

    // Check if wishlist exists
    const wishlist = await db
      .select()
      .from(wishlists)
      .where(eq(wishlists.id, id))
      .limit(1);

    if (wishlist.length === 0) {
      return NextResponse.json(
        { error: 'Wishlist not found' },
        { status: 404 }
      );
    }

    // Permissions: guest can only see public wishlists; admin sees all
    if (!wishlist[0].isPublic && !isAdmin) {
      return NextResponse.json(
        { error: 'This wishlist is private' },
        { status: 403 }
      );
    }

    // Get all items (exclude archived unless admin)
    const raw = await db
      .select()
      .from(wishlistItems)
      .where(
        isAdmin
          ? eq(wishlistItems.wishlistId, id)
          : and(
              eq(wishlistItems.wishlistId, id),
              eq(wishlistItems.isArchived, false)
            )
      )
      .orderBy(wishlistItems.sortOrder);

    const items = await attachClaimsToItems(raw);

    return NextResponse.json({
      success: true,
      items,
    });
  } catch (error) {
    console.error('Error fetching items:', error);
    return NextResponse.json(
      { error: 'Failed to fetch items' },
      { status: 500 }
    );
  }
}

export async function POST(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    if (!verifyAdminToken(request)) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    const { id } = await params;
    const body = await request.json();
    const {
      name,
      description,
      quantity,
      imageUrl,
      purchaseUrls,
    } = body;

    // Validation
    if (!name) {
      return NextResponse.json(
        { error: 'Item name is required' },
        { status: 400 }
      );
    }

    // Check if wishlist exists
    const wishlist = await db
      .select()
      .from(wishlists)
      .where(eq(wishlists.id, id))
      .limit(1);

    if (wishlist.length === 0) {
      return NextResponse.json(
        { error: 'Wishlist not found' },
        { status: 404 }
      );
    }

    // Get the highest sortOrder value to append the new item at the end
    const lastItem = await db
      .select()
      .from(wishlistItems)
      .where(eq(wishlistItems.wishlistId, id))
      .orderBy(desc(wishlistItems.sortOrder))
      .limit(1);

    const nextSortOrder = lastItem.length > 0 ? lastItem[0].sortOrder + 1 : 0;

    // Create item
    const newItem = await db
      .insert(wishlistItems)
      .values({
        wishlistId: id,
        name,
        description: description || null,
        quantity: quantity || 1,
        imageUrl: imageUrl || null,
        purchaseUrls: purchaseUrls || null,
        sortOrder: nextSortOrder,
      })
      .returning();

    return NextResponse.json(
      {
        success: true,
        item: newItem[0],
      },
      { status: 201 }
    );
  } catch (error) {
    console.error('Error creating item:', error);
    return NextResponse.json(
      { error: 'Failed to create item' },
      { status: 500 }
    );
  }
}