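import { NextResponse } from "next/server";
import prisma from "@/lib/prisma";
import { z } from "zod";
import { getUserIdFromRequest } from "@/lib/auth";
import { requirePermission } from "@/lib/rbac";

/**
 * Lists every board category, ordered by `sortOrder` and then `createdAt`.
 *
 * NOTE(review): nothing in this file authenticates the caller or filters on
 * `status`, so categories stored with status "hidden" are returned as well.
 * Confirm whether access is restricted elsewhere (e.g. middleware) or whether
 * hidden categories should be limited to moderators.
 *
 * @returns JSON body `{ categories }`.
 */
export async function GET() {
  const categories = await prisma.boardCategory.findMany({
    orderBy: [{ sortOrder: "asc" }, { createdAt: "asc" }],
  });
  return NextResponse.json({ categories });
}

// Allow-list of fields a client may set when creating a category. `z.object`
// strips undeclared keys by default, which is what makes it safe to hand
// `parsed.data` straight to Prisma below; do not switch this schema to
// `.passthrough()` without mapping fields explicitly.
// NOTE(review): `name` and `slug` have no upper length bound and `slug` has no
// character restriction — confirm how the slug is used (URLs, lookups) and
// tighten if needed.
const createSchema = z.object({
  name: z.string().min(1),
  slug: z.string().min(1),
  sortOrder: z.coerce.number().int().optional(),
  status: z.enum(["active", "hidden"]).optional(),
});

/**
 * Reports whether a thrown value carries Prisma's unique-constraint error code
 * ("P2002"). Checked structurally so no extra import is required.
 */
function isUniqueConstraintError(e: unknown): boolean {
  return (
    typeof e === "object" &&
    e !== null &&
    "code" in e &&
    (e as { code?: unknown }).code === "P2002"
  );
}

/**
 * Creates a board category. The caller must hold the ADMIN / MODERATE
 * permission.
 *
 * @param req Incoming request; the JSON body is validated against `createSchema`.
 * @returns 201 with `{ category }` on success, 403 when the permission check
 *   rejects, 400 with flattened validation errors for an invalid body, 409
 *   when the database reports a unique-constraint violation.
 * @throws Any other database error is rethrown unchanged.
 */
export async function POST(req: Request) {
  const userId = getUserIdFromRequest(req);
  try {
    await requirePermission({ userId, resource: "ADMIN", action: "MODERATE" });
  } catch {
    // Fail closed: every rejection from the permission check is answered with
    // 403, so a failure inside the check itself can never grant access.
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  // A missing or malformed JSON body becomes `{}` and is then rejected by the
  // schema with a 400 rather than surfacing a parse exception.
  const body: unknown = await req.json().catch(() => ({}));
  const parsed = createSchema.safeParse(body);
  if (!parsed.success) {
    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
  }

  try {
    const category = await prisma.boardCategory.create({ data: parsed.data });
    return NextResponse.json({ category }, { status: 201 });
  } catch (e: unknown) {
    // Presumably `slug` (or `name`) is unique in the Prisma schema — confirm.
    // Without this branch a duplicate surfaced as an unhandled 500.
    if (isUniqueConstraintError(e)) {
      return NextResponse.json({ error: "Category already exists" }, { status: 409 });
    }
    throw e;
  }
}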