import { NextResponse } from "next/server";
import { db } from "@/lib/db";
import { cookies } from "next/headers";
import { verifyToken } from "@/lib/auth";

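/**
 * Admin-only endpoint that lists militants currently in the `review` status.
 *
 * The caller is identified by the `token` cookie, which is passed to
 * `verifyToken`; the decoded payload must carry `role === 'admin'`.
 * Each returned row is a `militants` record joined with the full name and
 * role of the user referenced by `created_by`.
 *
 * @returns The rows as JSON on success; `{ error }` with status 403 when the
 *   caller is missing a token or is not an admin; `{ error }` with status 500
 *   on any unexpected failure.
 */
export async function GET() {
  try {
    const cookieStore = await cookies();
    const token = cookieStore.get("token")?.value;

    // A missing cookie is rejected up front instead of handing an empty
    // string to verifyToken. The status stays 403 so existing clients see
    // the same answer as for a non-admin token.
    if (!token) {
      return NextResponse.json({ error: "No autorizado" }, { status: 403 });
    }

    // Treat the decoded payload as untrusted until its shape is checked.
    const decoded: unknown = verifyToken(token);
    const role =
      typeof decoded === "object" && decoded !== null
        ? (decoded as { role?: unknown }).role
        : undefined;

    // NOTE(review): authorization relies solely on the role claim inside the
    // token. Whether verifyToken enforces signature and expiry is not visible
    // here; confirm it does, and consider re-checking the role against the
    // users table if a demoted admin must lose access before token expiry.
    if (role !== "admin") {
      return NextResponse.json({ error: "No autorizado" }, { status: 403 });
    }

    // Fetch each militant together with the name and role of the user who
    // created it (the one submitting it for review).
    // NOTE(review): `m.*` sends every column of `militants` to the client,
    // including any added later. Prefer an explicit column list limited to
    // what the review screen needs.
    const [reviews]: unknown[] = await db.query(`
      SELECT 
        m.*, 
        u.full_name as sender_name, 
        u.role as sender_role
      FROM militants m
      JOIN users u ON m.created_by = u.id
      WHERE m.status = 'review'
      ORDER BY m.updated_at DESC
    `);

    // Admin-only personal data: tell browsers and intermediaries not to store it.
    return NextResponse.json(reviews, {
      headers: { "Cache-Control": "no-store" },
    });
  } catch (error) {
    // Keep the detail in the server log only; the client gets a generic
    // message so internals (SQL, stack traces) are not disclosed.
    console.error("GET militants in review failed:", error);
    return NextResponse.json({ error: "Error de servidor" }, { status: 500 });
  }
}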