import { NextResponse } from "next/server";
import { z } from "zod";
import { requirePlatformRole } from "@/lib/session";
import { getPlatformPricing, updatePlatformPricing } from "@/lib/db";
import { safeError } from "@/lib/errors";

/**
 * GET /api/admin/billing/pricing
 *   Returns the single-row platform pricing config.
 *
 * PUT /api/admin/billing/pricing
 *   Updates one or more pricing fields. Missing fields are left
 *   unchanged.
 *
 * Both endpoints are platform-role only.
 */

// Every field is optional and range-bounded. z.object() strips unknown keys
// by default, so only these four fields can reach the DB layer.
const updateSchema = z.object({
  tenantMonthlyFeeChf: z.number().min(0).max(99_999_999).optional(),
  tenantSetupFeeChf: z.number().min(0).max(99_999_999).optional(),
  threemaMessageChf: z.number().min(0).max(1000).optional(),
  vatRateChli: z.number().min(0).max(100).optional(),
});

export async function GET() {
  // Authorization runs first; any failure in the role check is answered with 403.
  try {
    await requirePlatformRole();
  } catch {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  const pricing = await getPlatformPricing();
  return NextResponse.json(pricing);
}

export async function PUT(request: Request) {
  // Authorization runs before the request body is read or parsed.
  try {
    await requirePlatformRole();
  } catch {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  // A body that is not valid JSON falls back to {}, which the schema accepts
  // as an update with no fields.
  const body = await request.json().catch(() => ({}));
  const parsed = updateSchema.safeParse(body);
  if (!parsed.success) {
    return NextResponse.json(
      { error: "Invalid pricing payload", details: parsed.error.flatten() },
      { status: 400 }
    );
  }

  try {
    const updated = await updatePlatformPricing(parsed.data);
    return NextResponse.json(updated);
  } catch (e) {
    // The full error is logged server-side; the client only gets the
    // safeError() output.
    console.error("Failed to update platform pricing:", e);
    return NextResponse.json(
      { error: safeError(e, "Update failed") },
      { status: 500 }
    );
  }
}