// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
import type {NextApiRequest, NextApiResponse} from "next";
import {app} from "@/firebase";
import {getFirestore, doc, setDoc, getDoc} from "firebase/firestore";
import {withIronSessionApiRoute} from "iron-session/next";
import {sessionOptions} from "@/lib/session";
import {getPermissionDoc} from "@/utils/permissions.be";

const db = getFirestore(app);

export default withIronSessionApiRoute(handler, sessionOptions);

async function handler(req: NextApiRequest, res: NextApiResponse) {
	if (req.method === "PATCH") return patch(req, res);
	if (req.method === "GET") return get(req, res);
}

async function get(req: NextApiRequest, res: NextApiResponse) {
	if (!req.session.user) {
		res.status(401).json({ok: false});
		return;
	}

	const {id} = req.query as {id: string};

	const permissionDoc = await getPermissionDoc(id);
	return res.status(200).json({allowed: permissionDoc.users.includes(req.session.user.id)});
}

async function patch(req: NextApiRequest, res: NextApiResponse) {
	if (!req.session.user) {
		res.status(401).json({ok: false});
		return;
	}

	const {id} = req.query as {id: string};
	const {users} = req.body;

	try {
		await setDoc(doc(db, "permissions", id), {users}, {merge: true});
		return res.status(200).json({ok: true});
	} catch (err) {
		console.error(err);
		return res.status(500).json({ok: false});
	}
}