// app/api/files/route.js
import { NextResponse } from "next/server";
import { listFiles } from "@/lib/storage";
import { getSession } from "@/lib/auth/session";
import { canAccessBranch } from "@/lib/auth/permissions";

/**
 * GET /api/files?branch=&year=&month=&day=
 */
export async function GET(request) {
	const session = await getSession();

	if (!session) {
		return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
	}

	const { searchParams } = new URL(request.url);
	const branch = searchParams.get("branch");
	const year = searchParams.get("year");
	const month = searchParams.get("month");
	const day = searchParams.get("day");

	console.log("[/api/files] query:", { branch, year, month, day });

	if (!branch || !year || !month || !day) {
		return NextResponse.json(
			{ error: "branch, year, month, day sind erforderlich" },
			{ status: 400 }
		);
	}

	if (!canAccessBranch(session, branch)) {
		return NextResponse.json({ error: "Forbidden" }, { status: 403 });
	}

	try {
		const files = await listFiles(branch, year, month, day);
		return NextResponse.json({ branch, year, month, day, files });
	} catch (error) {
		console.error("[/api/files] Error:", error);

		return NextResponse.json(
			{ error: "Fehler beim Lesen der Dateien: " + error.message },
			{ status: 500 }
		);
	}
}