import { NextResponse } from "next/server";
import { requirePlatformRole } from "@/lib/session";
import { deleteInvoice, getInvoiceDetail } from "@/lib/db";
import { safeError } from "@/lib/errors";

/**
 * GET /api/admin/billing/invoices/[id]
 * Detail view: invoice + lines.
 *
 * DELETE /api/admin/billing/invoices/[id]
 * Hard delete (testing tool). Invoice number is consumed — gaps
 * in the sequence are intentional and documented. Reminders
 * (and their PDFs) cascade-delete via the FK.
 */
export async function GET(
  _request: Request,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    await requirePlatformRole();
  } catch {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }
  const { id } = await params;
  const detail = await getInvoiceDetail(id);
  if (!detail) {
    return NextResponse.json({ error: "Not found" }, { status: 404 });
  }
  return NextResponse.json(detail);
}

export async function DELETE(
  _request: Request,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    await requirePlatformRole();
  } catch {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }
  const { id } = await params;
  try {
    const ok = await deleteInvoice(id);
    if (!ok) {
      return NextResponse.json({ error: "Not found" }, { status: 404 });
    }
    return NextResponse.json({ message: "Deleted." });
  } catch (e) {
    console.error("Failed to delete invoice:", e);
    return NextResponse.json(
      { error: safeError(e, "Delete failed") },
      { status: 500 }
    );
  }
}