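import { NextRequest, NextResponse } from "next/server";
import { createClient } from "@supabase/supabase-js";
import { createServiceClient } from "@/lib/supabase";

/**
 * Validates the bearer token from the Authorization header and returns the
 * e-mail address of the authenticated user.
 *
 * The token is not trusted locally: it is passed to `auth.getUser()`, and the
 * e-mail is taken from the user object returned by that call.
 *
 * @param authHeader - Raw value of the `Authorization` request header, or null.
 * @returns The user's e-mail address, or null when the header is missing or
 *          malformed, the token is rejected, or the user has no e-mail.
 */
async function getKundeEmail(authHeader: string | null): Promise<string | null> {
  if (!authHeader) return null;

  // The auth scheme name is case-insensitive per the HTTP spec; require exactly
  // one non-empty token with no embedded whitespace.
  const match = /^Bearer +(\S+)\s*$/i.exec(authHeader);
  const token = match?.[1];
  if (!token) return null;

  const anonClient = createClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL!,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
  );

  const {
    data: { user },
    error,
  } = await anonClient.auth.getUser(token);
  if (error || !user?.email) return null;

  // NOTE(review): the returned e-mail is the only key used by GET below to
  // select rows. If the project allows sign-up without e-mail confirmation,
  // an account registered with someone else's address would see that
  // person's requests — confirm that confirmation is enforced.
  return user.email;
}

/**
 * Returns the rental requests ("anfragen") that belong to the authenticated
 * customer, newest first, together with their line items.
 *
 * Responds 401 when no valid bearer token is presented and 500 when the
 * database query fails.
 */
export async function GET(req: NextRequest) {
  const email = await getKundeEmail(req.headers.get("authorization"));
  if (!email) {
    return NextResponse.json({ error: "Nicht authentifiziert" }, { status: 401 });
  }

  // NOTE(review): createServiceClient() is defined outside this file;
  // presumably it uses the service-role key and therefore bypasses row-level
  // security. If so, the .eq("email", …) filter below is the sole access
  // control for this endpoint and must never be removed or made optional.
  const db = createServiceClient();

  // Load the requests for this e-mail plus their associated positions.
  const { data: anfragen, error } = await db
    .from("anfragen")
    .select(`
      id,
      created_at,
      status,
      firma,
      telefon,
      email,
      notizen,
      anfragen_positionen (
        id,
        maschine_name,
        mietbeginn,
        mietende,
        gesamt_tage,
        lieferung,
        tagessatz
      )
    `)
    .eq("email", email)
    .order("created_at", { ascending: false });

  if (error) {
    // Keep details on the server; the client only gets a generic message.
    console.error("anfragen query failed:", error.message);
    return NextResponse.json({ error: "Datenbankfehler" }, { status: 500 });
  }

  return NextResponse.json({ anfragen: anfragen ?? [] });
}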