import { NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
import { AdminApiError, requireAdminForApi } from '@/lib/admin-auth'
import { logAdminAction } from '@/lib/audit'
import { createServiceRoleClient } from '@/lib/supabase/service'

const schema = z.object({
  reason: z.string().max(1000).default(''),
})

type RouteParams = {
  params: Promise<{ id: string }>
}

export async function POST(request: NextRequest, { params }: RouteParams) {
  try {
    const admin = await requireAdminForApi()
    const { id } = await params
    const body = schema.parse(await request.json())
    const requestId = Number(id)

    if (!Number.isFinite(requestId) || requestId <= 0) {
      return NextResponse.json({ error: 'Invalid request id' }, { status: 400 })
    }

    const supabase = createServiceRoleClient()
    const { error } = await supabase.rpc('admin_reject_subscription_request', {
      _request_id: requestId,
      _reason: body.reason,
      _decided_by: admin.userId,
    })

    if (error) {
      return NextResponse.json({ error: error.message }, { status: 400 })
    }

    await logAdminAction({
      adminUserId: admin.userId,
      action: 'reject_subscription_request',
      targetType: 'subscription_request',
      targetId: String(requestId),
      metadata: { reason: body.reason },
    })

    return NextResponse.json({ message: 'Demande rejetée avec succès.' })
  } catch (error) {
    if (error instanceof AdminApiError) {
      return NextResponse.json({ error: error.message }, { status: error.status })
    }

    if (error instanceof z.ZodError) {
      return NextResponse.json({ error: error.issues[0]?.message ?? 'Invalid payload' }, { status: 400 })
    }

    console.error(error)
    return NextResponse.json({ error: 'Unexpected error' }, { status: 500 })
  }
}
