import { NextRequest, NextResponse } from "next/server";
import { createClient } from "@supabase/supabase-js";
import { createServiceClient } from "@/lib/supabase";

async function getKundeEmail(authHeader: string | null): Promise<string | null> {
  if (!authHeader?.startsWith("Bearer ")) return null;
  const token = authHeader.slice(7);

  const anonClient = createClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL!,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
  );
  const {
    data: { user },
    error,
  } = await anonClient.auth.getUser(token);
  if (error || !user?.email) return null;
  return user.email;
}

export async function GET(req: NextRequest) {
  const email = await getKundeEmail(req.headers.get("authorization"));
  if (!email) {
    return NextResponse.json({ error: "Nicht authentifiziert" }, { status: 401 });
  }

  const db = createServiceClient();

  const { data: anfragen, error } = await db
    .from("anfragen")
    .select("id, created_at, status, name, betreff, nachricht, email")
    .eq("email", email)
    .order("created_at", { ascending: false });

  if (error) {
    return NextResponse.json({ error: "Datenbankfehler" }, { status: 500 });
  }

  return NextResponse.json({ anfragen: anfragen ?? [] });
}