import { NextResponse } from "next/server";
import { requirePlatformRole } from "@/lib/session";
import { getTenantRequestById, updateTenantRequestStatus } from "@/lib/db";
import { sendRejectionEmail } from "@/lib/email";

/**
 * POST /api/admin/requests/[id]/reject
 * Reject a tenant request and notify the customer.
 */
export async function POST(
  request: Request,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    await requirePlatformRole();
  } catch {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  const { id } = await params;
  const body = await request.json().catch(() => ({}));
  const adminNotes = body.adminNotes as string | undefined;

  const tenantRequest = await getTenantRequestById(id);
  if (!tenantRequest) {
    return NextResponse.json({ error: "Request not found" }, { status: 404 });
  }

  if (tenantRequest.status !== "pending") {
    return NextResponse.json(
      { error: `Request is already ${tenantRequest.status}` },
      { status: 400 }
    );
  }

  const updated = await updateTenantRequestStatus(id, "rejected", {
    adminNotes,
  });

  // Notify customer
  await sendRejectionEmail(
    tenantRequest.contactEmail,
    tenantRequest.contactName,
    tenantRequest.companyName,
    adminNotes
  );

  return NextResponse.json({
    message: "Request rejected.",
    request: updated,
  });
}