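import { NextRequest, NextResponse } from "next/server";
import { createServiceClient } from "@/lib/supabase";
import { verifyActionToken } from "@/lib/admin-auth";
import { markActionTokenUsed } from "@/lib/token-blacklist";

/**
 * Applies the status change carried by a signed action token to one row of
 * the `anfragen` table, then redirects to the admin statistics page.
 *
 * Flow: read `token` from the query string, verify it, record it as used,
 * update the row, redirect. Possession of a valid token is the only
 * authorisation checked in this handler.
 *
 * NOTE(review): this is a state-changing GET. Anything that fetches the URL
 * (link preview, mail scanner, browser prefetch) applies the change and
 * consumes the token. A confirmation page that submits via POST would avoid
 * that.
 * NOTE(review): this handler never asks whether the token was already used;
 * presumably verifyActionToken consults the blacklist. Confirm, otherwise
 * tokens are replayable until they expire.
 *
 * @param req Incoming request; `token` is read from the query string.
 * @returns 400 JSON for a missing, invalid or expired token, 500 JSON when
 *          recording the token or updating the row fails, otherwise a
 *          redirect to `${APP_URL}/admin/statistik?action=done`.
 */
export async function GET(req: NextRequest) {
  const token = req.nextUrl.searchParams.get("token");
  if (!token) {
    return NextResponse.json({ error: "Token erforderlich" }, { status: 400 });
  }

  const actionToken = await verifyActionToken(token);
  if (!actionToken) {
    return NextResponse.json({ error: "Token ungültig oder abgelaufen" }, { status: 400 });
  }

  // NOTE(review): `status` goes into the database exactly as the token carries
  // it; this assumes verifyActionToken only accepts tokens whose payload was
  // signed by this application. Verify against that helper.
  const { anfrageId, status } = actionToken;
  const appUrl = process.env.APP_URL ?? "https://mbo-tech-it.de";

  // Audit value only. Both headers are set by whoever sends the request unless
  // a trusted proxy overwrites them, and x-forwarded-for may hold a
  // comma-separated list, so never use this for an access decision.
  const ipAddr = req.headers.get("x-forwarded-for") || req.headers.get("x-real-ip") || "unknown";

  // The second dot-separated segment is what gets blacklisted.
  // NOTE(review): assumes a two-part `payload.signature` token; for a
  // three-part format this would be the payload. Confirm.
  const [, tokenSig] = token.split(".");
  if (!tokenSig) {
    // Never hand an undefined or empty key to the blacklist: the token could
    // then not be recognised as used later.
    return NextResponse.json({ error: "Token ungültig oder abgelaufen" }, { status: 400 });
  }

  try {
    // Record the token as used BEFORE touching the row (fail closed): if this
    // throws, the catch below answers with 500 and the status is not changed.
    await markActionTokenUsed(tokenSig, anfrageId, status, ipAddr);

    const db = createServiceClient();
    // NOTE(review): an update that matches no row reports no error here, so
    // the redirect below does not prove a row was actually changed.
    const { error } = await db
      .from("anfragen")
      .update({ status })
      .eq("id", anfrageId);

    if (error) {
      console.error(`[Action] Fehler beim Update von Anfrage ${anfrageId}:`, error);
      return NextResponse.json({ error: "Statusaktualisierung fehlgeschlagen" }, { status: 500 });
    }

    return NextResponse.redirect(`${appUrl}/admin/statistik?action=done`);
  } catch (err) {
    console.error("[Action] Unerwarteter Fehler:", err);
    return NextResponse.json({ error: "Ein Fehler ist aufgetreten" }, { status: 500 });
  }
}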