import { NextResponse } from "next/server";
import { db } from "@/lib/db";
import { cookies } from "next/headers";
import { verifyToken } from "@/lib/auth";

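/**
 * Toggles the `active` flag of a user account on behalf of a leader.
 *
 * Expects a JSON body `{ id, status }`, where `id` identifies the user row and
 * `status` is a boolean (true = active). The caller is authenticated through
 * the `token` cookie and must carry the `leader` role. The UPDATE only matches
 * users whose linked militant belongs to that leader.
 *
 * Responses: 401 when the token is missing or unusable, 403 when the role is
 * not `leader`, 400 when the body is malformed, 500 on unexpected errors.
 */
export async function POST(req: Request) {
  try {
    // Authenticate before touching the request body, so unauthenticated
    // callers get a 401 rather than a parsing error.
    const cookieStore = await cookies();
    const token = cookieStore.get("token")?.value;

    if (!token) return NextResponse.json({ error: "No autorizado" }, { status: 401 });

    // verifyToken's failure mode is not visible here (it may throw or return a
    // falsy value), so both cases are mapped to 401 instead of a 500.
    let decoded: unknown;
    try {
      decoded = verifyToken(token);
    } catch {
      return NextResponse.json({ error: "No autorizado" }, { status: 401 });
    }
    if (typeof decoded !== "object" || decoded === null) {
      return NextResponse.json({ error: "No autorizado" }, { status: 401 });
    }
    const { role, id: leaderId } = decoded as { role?: unknown; id?: unknown };

    if (role !== 'leader') {
      return NextResponse.json({ error: "Permisos insuficientes" }, { status: 403 });
    }
    // The leader id is the ownership predicate of the UPDATE; refuse tokens
    // that do not carry a usable scalar id.
    if (!isScalarId(leaderId)) {
      return NextResponse.json({ error: "No autorizado" }, { status: 401 });
    }

    let body: unknown;
    try {
      body = await req.json();
    } catch {
      return NextResponse.json({ error: "Datos inválidos" }, { status: 400 });
    }
    if (typeof body !== "object" || body === null) {
      return NextResponse.json({ error: "Datos inválidos" }, { status: 400 });
    }
    const { id, status } = body as { id?: unknown; status?: unknown };

    // `status` must be a real boolean: a truthiness test would treat the
    // string "false" as true and activate the account. `id` must be a scalar:
    // objects or arrays bound to a `?` placeholder may be expanded by the SQL
    // driver instead of being compared as a single value.
    if (typeof status !== "boolean" || !isScalarId(id)) {
      return NextResponse.json({ error: "Datos inválidos" }, { status: 400 });
    }

    // Update 'active' in 'users', requiring that the linked militant belongs
    // to the authenticated leader.
    // NOTE(review): the query result is not inspected, so a request for a user
    // outside this leader's militants (zero rows matched) still reports
    // success. Consider checking the affected-row count once the shape of
    // db.query's result is confirmed.
    await db.query(
      `UPDATE users u
       INNER JOIN militants m ON u.militant_id = m.id
       SET u.active = ? 
       WHERE u.id = ? AND m.leader_id = ?`,
      [status ? 1 : 0, id, leaderId]
    );

    return NextResponse.json({ success: true });
  } catch (error) {
    console.error("TOGGLE_USER_ERROR:", error);
    return NextResponse.json({ error: "Error al cambiar estatus" }, { status: 500 });
  }
}

/** True for values that can be bound to a SQL placeholder as a single scalar id. */
function isScalarId(value: unknown): value is string | number {
  return (
    (typeof value === "string" && value.length > 0) ||
    (typeof value === "number" && Number.isFinite(value))
  );
}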