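import { NextRequest, NextResponse } from "next/server";
import { auth } from "@/auth";
import { getDomains, createDomain } from "@/lib/mailcow";
import { canAccessDomain } from "@/lib/users";

/**
 * GET /api/domains — list the domains visible to the current session.
 *
 * Responds 401 when there is no session. Otherwise every domain returned by
 * `getDomains()` is checked with `canAccessDomain` against the session's
 * domain list, and only the matching domains are returned.
 */
export async function GET() {
  const session = await auth();
  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });

  const allDomains = await getDomains();
  // A session that carries no domain list is treated as owning no domains.
  const userDomains = session.user.domains ?? [];

  // Super admin sees all, domain admin only sees their domains.
  // NOTE(review): session.user.role is not consulted here; the filter depends
  // entirely on canAccessDomain(userDomains, name). Confirm that a super admin's
  // domain list is what grants "all" and that an empty list grants nothing.
  const visible = allDomains.filter((d) => canAccessDomain(userDomains, d.domain_name));
  return NextResponse.json(visible);
}

/**
 * POST /api/domains — create a domain (super admin only).
 *
 * Responses:
 * - 403 when there is no session or the role is not "SUPER_ADMIN".
 * - 400 when the body is not a JSON object, when `domain` is missing or not a
 *   non-empty string, or when the result array contains an item whose `type`
 *   is "error".
 * - 200 with the `createDomain` result data on success, 502 when
 *   `createDomain` reports `ok` as false.
 */
export async function POST(req: NextRequest) {
  const session = await auth();
  if (!session || session.user.role !== "SUPER_ADMIN") {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  // req.json() rejects on an empty or malformed body; map that to null so the
  // request gets a 400 instead of an unhandled exception.
  const body = await req.json().catch(() => null);
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }

  const { domain, description, mailboxes, quota, maxquota } = body;
  // The body is caller-controlled: require a non-blank string, not just a truthy value.
  if (typeof domain !== "string" || domain.trim() === "") {
    return NextResponse.json({ error: "domain gerekli" }, { status: 400 });
  }

  // NOTE(review): description, mailboxes, quota and maxquota are forwarded
  // unvalidated; confirm that createDomain or the upstream API checks their
  // types and ranges.
  const result = await createDomain({ domain, description, mailboxes, quota, maxquota });

  // A call that succeeded at the transport level can still carry per-item
  // errors in its payload; report those to the client as 400.
  if (result.ok && Array.isArray(result.data)) {
    const hasError = result.data.some(
      (item: unknown) =>
        typeof item === "object" && item !== null && (item as { type?: unknown }).type === "error",
    );
    if (hasError) {
      return NextResponse.json(result.data, { status: 400 });
    }
  }

  // NOTE(review): result.data is relayed verbatim, including on failure; confirm
  // it cannot contain upstream details that should not reach the browser.
  return NextResponse.json(result.data, { status: result.ok ? 200 : 502 });
}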