import { NextRequest, NextResponse } from 'next/server'
import { requireAdmin } from '@/lib/admin-auth'
import { createServiceClient } from '@/lib/supabase'

const BUCKET = 'galerie-bilder'
const ALLOWED = ['image/jpeg', 'image/jpg', 'image/png', 'image/webp']
const MAX_SIZE = 10 * 1024 * 1024

export async function GET() {
  const check = await requireAdmin()
  if (check instanceof NextResponse) return check
  const db = createServiceClient()
  const { data, error } = await db.from('galerie_bilder').select('*').order('reihenfolge')
  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
  const base = (process.env.SUPABASE_INTERNAL_URL ?? process.env.NEXT_PUBLIC_SUPABASE_URL!).replace(/\/$/, '')
  const bilder = (data ?? []).map(b => ({ ...b, url: `${base}/storage/v1/object/public/${BUCKET}/${b.storage_path}` }))
  return NextResponse.json({ bilder })
}

export async function POST(req: NextRequest) {
  const check = await requireAdmin()
  if (check instanceof NextResponse) return check

  const formData = await req.formData()
  const file = formData.get('file') as File | null
  const altText = (formData.get('alt_text') as string) ?? ''
  if (!file) return NextResponse.json({ error: 'Keine Datei.' }, { status: 400 })
  if (!ALLOWED.includes(file.type)) return NextResponse.json({ error: 'Nur JPG, PNG oder WebP.' }, { status: 400 })
  if (file.size > MAX_SIZE) return NextResponse.json({ error: 'Maximal 10 MB.' }, { status: 400 })

  const db = createServiceClient()
  const ext = file.name.split('.').pop() ?? 'jpg'
  const storagePath = `galerie/${Date.now()}.${ext}`

  const { error: uploadErr } = await db.storage.from(BUCKET).upload(storagePath, await file.arrayBuffer(), { contentType: file.type, upsert: false })
  if (uploadErr) return NextResponse.json({ error: uploadErr.message }, { status: 500 })

  const { data: existing } = await db.from('galerie_bilder').select('reihenfolge').order('reihenfolge', { ascending: false }).limit(1)
  const reihenfolge = (existing?.[0]?.reihenfolge ?? -1) + 1

  const { data, error: dbErr } = await db.from('galerie_bilder').insert({ storage_path: storagePath, alt_text: altText, reihenfolge }).select().single()
  if (dbErr) return NextResponse.json({ error: dbErr.message }, { status: 500 })
  return NextResponse.json({ bild: data }, { status: 201 })
}

export async function PATCH(req: NextRequest) {
  const check = await requireAdmin()
  if (check instanceof NextResponse) return check
  const { id, alt_text } = await req.json()
  if (!id) return NextResponse.json({ error: 'id erforderlich' }, { status: 400 })
  const db = createServiceClient()
  const { error } = await db.from('galerie_bilder').update({ alt_text }).eq('id', id)
  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
  return NextResponse.json({ success: true })
}

export async function DELETE(req: NextRequest) {
  const check = await requireAdmin()
  if (check instanceof NextResponse) return check

  const { id, storagePath } = await req.json()
  if (!id || !storagePath) return NextResponse.json({ error: 'id und storagePath erforderlich' }, { status: 400 })
  const db = createServiceClient()
  await db.storage.from(BUCKET).remove([storagePath])
  await db.from('galerie_bilder').delete().eq('id', id)
  return NextResponse.json({ success: true })
}