import { json, error } from '@sveltejs/kit';
import { getDb, newId, rows, row } from '$lib/server/db';
import { requireAuth } from '$lib/server/auth';

export async function GET({ request }) {
	const u = await requireAuth(request);
	const db = getDb();
	const items = db.prepare(
		'SELECT * FROM beitraege WHERE verein_id = ? ORDER BY name'
	).all(u.verein_id);
	return json(rows(items as Record<string, unknown>[]));
}

export async function POST({ request }) {
	const u = await requireAuth(request);
	const db = getDb();
	const body = await request.json();

	if (!body.name || body.betrag == null) throw error(400, 'Name und Betrag sind Pflichtfelder');

	const id = newId();

	db.prepare(`
		INSERT INTO beitraege (id, verein_id, name, betrag, rhythmus, beschreibung)
		VALUES (?, ?, ?, ?, ?, ?)
	`).run(
		id,
		u.verein_id,
		body.name,
		body.betrag,
		body.rhythmus ?? 'jaehrlich',
		body.beschreibung ?? null
	);

	const beitrag = db.prepare('SELECT * FROM beitraege WHERE id = ?').get(id);
	return json(row(beitrag as Record<string, unknown>), { status: 201 });
}