import type { NextApiRequest, NextApiResponse } from 'next'
import { prisma } from '@/lib/prisma'
import { requireAuth, logAction, generateRef } from '@/lib/auth'
import { NCRStatus } from '@prisma/client'

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  const user = await requireAuth(req, res)
  if (!user) return

  if (req.method === 'GET') {
    const { status } = req.query
    const where: any = {}
    if (status) where.status = status as NCRStatus

    const ncrs = await prisma.nCR.findMany({
      where,
      include: { raisedBy: { select: { name: true } }, capa: { select: { ref: true } } },
      orderBy: { createdAt: 'desc' },
    })
    return res.json({ data: ncrs })
  }

  if (req.method === 'POST') {
    // Any authenticated user can report an issue (production intake)
    const { description, source } = req.body
    if (!description) return res.status(400).json({ error: 'description required' })

    const count = await prisma.nCR.count()
    const ref = generateRef('NCR', count)

    const ncr = await prisma.nCR.create({
      data: { ref, description, source, raisedById: user.id },
      include: { raisedBy: { select: { name: true } } },
    })

    await logAction(user.id, 'CREATE', 'NCR', ncr.id, null, { ref, description })
    return res.status(201).json({ data: ncr })
  }

  res.status(405).end()
}