import { json, error } from '@sveltejs/kit';
import { getDb, newId, rows, row } from '$lib/server/db';
import { requireAuth } from '$lib/server/auth';

export async function GET({ request, url }) {
	const u = await requireAuth(request);
	const db = getDb();

	const beitrag_id = url.searchParams.get('beitrag_id');

	let items;
	if (beitrag_id) {
		items = db.prepare(`
			SELECT r.* FROM reaktionen r
			JOIN neuigkeiten n ON n.id = r.beitrag_id
			WHERE r.beitrag_id = ? AND n.verein_id = ?
			ORDER BY r.created
		`).all(beitrag_id, u.verein_id);
	} else {
		items = db.prepare(`
			SELECT r.* FROM reaktionen r
			JOIN neuigkeiten n ON n.id = r.beitrag_id
			WHERE n.verein_id = ?
			ORDER BY r.created
		`).all(u.verein_id);
	}

	return json(rows(items as Record<string, unknown>[]));
}

export async function POST({ request }) {
	const u = await requireAuth(request);
	const db = getDb();
	const body = await request.json();

	if (!body.beitrag_id) throw error(400, 'beitrag_id ist erforderlich');

	const beitrag = db.prepare(
		'SELECT id FROM neuigkeiten WHERE id = ? AND verein_id = ?'
	).get(body.beitrag_id, u.verein_id);
	if (!beitrag) throw error(404, 'Beitrag nicht gefunden');

	const id = newId();

	try {
		db.prepare(`
			INSERT INTO reaktionen (id, beitrag_id, user_id)
			VALUES (?, ?, ?)
		`).run(id, body.beitrag_id, u.sub);
	} catch (e: unknown) {
		const msg = e instanceof Error ? e.message : String(e);
		if (msg.includes('UNIQUE')) throw error(409, 'Reaktion bereits vorhanden');
		throw e;
	}

	const reaktion = db.prepare('SELECT * FROM reaktionen WHERE id = ?').get(id);
	return json(row(reaktion as Record<string, unknown>), { status: 201 });
}