import type { NextApiRequest, NextApiResponse } from 'next'
import { prisma } from '@/lib/prisma'
import { requireAuth, logAction } from '@/lib/auth'

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  const user = await requireAuth(req, res)
  if (!user) return

  if (req.method === 'GET') {
    const items = await prisma.shippingStandardItem.findMany({ orderBy: { order: 'asc' } })
    return res.json({ data: items })
  }

  if (req.method === 'POST') {
    if (user.role !== 'ADMIN' && user.role !== 'QC') return res.status(403).json({ error: 'Admin/QC only' })
    const { text, source } = req.body
    if (!text) return res.status(400).json({ error: 'text required' })

    const maxOrder = await prisma.shippingStandardItem.count()
    const item = await prisma.shippingStandardItem.create({
      data: { text, source: source || 'Baseline', order: maxOrder },
    })

    await logAction(user.id, 'CREATE', 'ShippingStandardItem', item.id, null, { text })
    return res.status(201).json({ data: item })
  }

  res.status(405).end()
}