// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
import type {NextApiRequest, NextApiResponse} from "next";
import {app} from "@/firebase";
import {getFirestore, setDoc, doc} from "firebase/firestore";
import {withIronSessionApiRoute} from "iron-session/next";
import {sessionOptions} from "@/lib/session";
import {Type} from "@/interfaces/user";
import {PERMISSIONS} from "@/constants/userPermissions";
import {uuidv4} from "@firebase/util";

const db = getFirestore(app);

export default withIronSessionApiRoute(handler, sessionOptions);

async function handler(req: NextApiRequest, res: NextApiResponse) {
	if (!req.session.user) {
		res.status(401).json({ok: false});
		return;
	}

	const {type, codes} = req.body as {type: Type; codes: string[]};
	const permission = PERMISSIONS.generateCode[type];

	if (!permission.includes(req.session.user.type)) {
		res.status(403).json({ok: false});
		return;
	}

	for (const code of codes) {
		const codeRef = doc(db, "codes", uuidv4());
		await setDoc(codeRef, {type, code});
	}

	res.status(200).json({ok: true});
}