// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
import type { NextApiRequest, NextApiResponse } from "next";
import client from "@/lib/mongodb";
import { withIronSessionApiRoute } from "iron-session/next";
import { sessionOptions } from "@/lib/session";
import { Group } from "@/interfaces/user";
import { Discount, Package } from "@/interfaces/paypal";
import { v4 } from "uuid";

const db = client.db(process.env.MONGODB_DB);

export default withIronSessionApiRoute(handler, sessionOptions);

async function handler(req: NextApiRequest, res: NextApiResponse) {
  if (req.method === "GET") await get(req, res);
  if (req.method === "POST") await post(req, res);
  if (req.method === "DELETE") return del(req, res);
}

async function get(req: NextApiRequest, res: NextApiResponse) {
  if (!req.session.user) {
    res.status(401).json({ ok: false });
    return;
  }

  const snapshot = await db.collection("discounts").find({}).toArray();
  res.status(200).json(snapshot);
}

async function post(req: NextApiRequest, res: NextApiResponse) {
  if (!req.session.user) {
    res.status(401).json({ ok: false });
    return;
  }

  if (!["developer", "admin"].includes(req.session.user!.type))
    return res.status(403).json({
      ok: false,
      reason: "You do not have permission to create a new discount",
    });

  const body = req.body as Discount;

  await db.collection("discounts").insertOne({ ...body });

  res.status(200).json({ ok: true });
}

async function del(req: NextApiRequest, res: NextApiResponse) {
  if (!req.session.user) {
    res
      .status(401)
      .json({ ok: false, reason: "You must be logged in to generate a code!" });
    return;
  }

  const discounts = req.query.discount as string[];

  for (const discount of discounts) {
    const snapshot = await db.collection("discounts").findOne({ id: discount as string });
    if (!snapshot) continue;

    await db.collection("discounts").deleteOne({ id: discount as string });
  }

  res.status(200).json({ discounts });
}