import type { APIRoute } from 'astro';
import { db, eq } from 'astro:db';
import { ConsentLog } from '../db/config';

export const POST: APIRoute = async ({ request, clientAddress }) => {
  try {
    const body = await request.json();

    const {
      action = 'accept',
      purpose = 'all',
      analytics = false,
      marketing = false,
      functional = false,
    } = body;

    const ip = clientAddress || 'unknown';
    const userAgent = request.headers.get('user-agent') || 'unknown';

    const doc = await db.insert(ConsentLog).values({
      action,
      purpose,
      analytics,
      marketing,
      functional,
      ip,
      userAgent,
      timestamp: new Date(),
    });

    return new Response(JSON.stringify({
      success: true,
      doc,
    }), {
      status: 200,
      headers: { 'Content-Type': 'application/json' },
    });
  } catch (error) {
    console.error('Consent API error:', error);
    return new Response(JSON.stringify({
      success: false,
      error: 'Failed to log consent',
    }), {
      status: 500,
      headers: { 'Content-Type': 'application/json' },
    });
  }
};

export const GET: APIRoute = async ({ request }) => {
  try {
    const url = new URL(request.url);
    const sessionId = url.searchParams.get('sessionId');

    let docs;
    if (sessionId) {
      docs = await db.select().from(ConsentLog).where(
        eq(ConsentLog.sessionId, sessionId)
      );
    } else {
      docs = await db.select().from(ConsentLog);
    }

    return new Response(JSON.stringify({
      success: true,
      docs,
    }), {
      status: 200,
      headers: { 'Content-Type': 'application/json' },
    });
  } catch (error) {
    console.error('Consent GET error:', error);
    return new Response(JSON.stringify({
      success: false,
      error: 'Failed to retrieve consent logs',
    }), {
      status: 500,
      headers: { 'Content-Type': 'application/json' },
    });
  }
};

export const DELETE: APIRoute = async ({ request }) => {
  try {
    const url = new URL(request.url);
    const sessionId = url.searchParams.get('sessionId');

    if (!sessionId) {
      return new Response(JSON.stringify({
        success: false,
        error: 'sessionId is required',
      }), {
        status: 400,
        headers: { 'Content-Type': 'application/json' },
      });
    }

    const deleted = await db.delete(ConsentLog).where(
      eq(ConsentLog.sessionId, sessionId)
    );

    return new Response(JSON.stringify({
      success: true,
      deleted,
      message: 'All consent records for this session have been deleted',
    }), {
      status: 200,
      headers: { 'Content-Type': 'application/json' },
    });
  } catch (error) {
    console.error('Right to be forgotten error:', error);
    return new Response(JSON.stringify({
      success: false,
      error: 'Failed to delete consent records',
    }), {
      status: 500,
      headers: { 'Content-Type': 'application/json' },
    });
  }
};