import { NextResponse } from "next/server";
import { db } from "@/lib/db";
import { cookies } from "next/headers";
import jwt from "jsonwebtoken";

// Key used by this route to verify the JWT carried in the `token` cookie.
// It is read once, when the module is loaded. The cast only satisfies the
// type checker: if JWT_SECRET is unset, the value is `undefined` at runtime.
const SECRET = process.env["JWT_SECRET"] as string;

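/**
 * Updates `status` and `notes` on one `militants` row for the caller
 * identified by the JWT in the `token` cookie.
 *
 * Authorization is enforced by the UPDATE's WHERE clause: a caller whose
 * `role` claim is `leader` can only change rows whose `leader_id` equals the
 * caller's id; any other caller can only change rows whose `created_by`
 * equals the caller's id.
 *
 * Responses:
 * - 401 when the cookie is missing, the token fails verification, or the
 *   token carries no usable `id` claim.
 * - 400 when the body is not a JSON object, `id` is missing, or a field is
 *   not a scalar.
 * - 404 when no row was updated (row absent or not owned by the caller).
 * - 500 on a missing JWT secret or any unexpected failure.
 *
 * @param request Incoming request; the JSON body carries `id`, `notes`, `status`.
 * @returns A JSON response, `{ success: true }` on success or `{ error }` otherwise.
 */
export async function POST(request: Request) {
  // Only strings and numbers are ever bound into the statement. Objects and
  // arrays from a JSON body are rejected up front because some drivers expand
  // non-scalar placeholder values into SQL fragments.
  const isScalar = (value: unknown): value is string | number =>
    typeof value === "string" || typeof value === "number";

  try {
    // Without this check a missing secret would look like a bad token and
    // every caller would get a silent 401.
    if (!SECRET) {
      console.error("REVIEW_TOGGLE_ERROR:", "JWT_SECRET is not set");
      return NextResponse.json({ error: "Error de servidor" }, { status: 500 });
    }

    // Authenticate before reading any request input.
    const cookieStore = await cookies();
    const token = cookieStore.get("token")?.value;
    if (!token) return NextResponse.json({ error: "No autorizado" }, { status: 401 });

    let claims: unknown;
    try {
      // NOTE(review): no `algorithms` option is passed here; pin it to the
      // algorithm the token issuer signs with (not visible from this file).
      claims = jwt.verify(token, SECRET);
    } catch {
      // An invalid or expired token is an authentication failure, not a server error.
      return NextResponse.json({ error: "No autorizado" }, { status: 401 });
    }

    // jwt.verify can return a bare string payload; this route needs an object
    // carrying the caller's id.
    if (typeof claims !== "object" || claims === null) {
      return NextResponse.json({ error: "No autorizado" }, { status: 401 });
    }
    const { id: userId, role } = claims as { id?: unknown; role?: unknown };
    if (!isScalar(userId) || userId === "") {
      return NextResponse.json({ error: "No autorizado" }, { status: 401 });
    }

    let body: unknown;
    try {
      body = await request.json();
    } catch {
      return NextResponse.json({ error: "Cuerpo de solicitud inválido" }, { status: 400 });
    }
    if (typeof body !== "object" || body === null || Array.isArray(body)) {
      return NextResponse.json({ error: "Cuerpo de solicitud inválido" }, { status: 400 });
    }
    const { id, notes, status } = body as Record<string, unknown>;

    if (!id) return NextResponse.json({ error: "ID de militante requerido" }, { status: 400 });
    if (
      !isScalar(id) ||
      (status != null && !isScalar(status)) ||
      (notes != null && !isScalar(notes))
    ) {
      return NextResponse.json({ error: "Datos inválidos" }, { status: 400 });
    }

    // NOTE(review): the set of valid status values is not visible in this
    // file. Without an allow-list, a non-leader caller can write any status on
    // their own records, not only 'review' — confirm that is intended.
    let query = "";
    let queryParams: (string | number)[] = [];

    if (role === 'leader') {
      // Leader: may change the status of any record under their leader_id.
      // A missing status would otherwise be bound as NULL and wipe the column,
      // so it is required here.
      if (status == null) {
        return NextResponse.json({ error: "Datos inválidos" }, { status: 400 });
      }
      // An empty `notes` leaves the stored notes untouched (COALESCE/NULLIF).
      query = `
        UPDATE militants 
        SET status = ?, 
            notes = COALESCE(NULLIF(?, ''), notes) 
        WHERE id = ? AND leader_id = ?
      `;
      queryParams = [status, notes || '', id, userId];
    } else {
      // Any other role: only records the caller created; status defaults to 'review'.
      query = `
        UPDATE militants 
        SET status = ?, notes = ? 
        WHERE id = ? AND created_by = ?
      `;
      queryParams = [status || 'review', notes || '', id, userId];
    }

    const [result]: any = await db.query(query, queryParams);

    // One answer for "not yours" and "does not exist", so the response does
    // not reveal which records exist.
    if (result.affectedRows === 0) {
      return NextResponse.json({ 
        error: "Sin permisos o registro inexistente" 
      }, { status: 404 });
    }

    return NextResponse.json({ success: true });

  } catch (error: unknown) {
    console.error("REVIEW_TOGGLE_ERROR:", error);
    return NextResponse.json({ error: "Error de servidor" }, { status: 500 });
  }
}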