import type { NextApiRequest, NextApiResponse } from 'next'
import { prisma } from '@/lib/prisma'
import { requireAuth, logAction } from '@/lib/auth'
import { notifyFormReviewReady } from '@/lib/email'

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  const user = await requireAuth(req, res)
  if (!user) return

  if (req.method !== 'POST') return res.status(405).end()

  const { formId, data } = req.body || {}
  if (!formId || data === undefined) {
    return res.status(400).json({ error: 'formId and data are required' })
  }

  const form = await prisma.buildForm.findUnique({ where: { id: formId } })
  if (!form) return res.status(404).json({ error: 'Form not found' })
  if (form.status !== 'ACTIVE') return res.status(400).json({ error: 'Form is not accepting submissions' })

  await prisma.formSubmission.create({
    data: { formId, submittedBy: user.id, data: JSON.stringify(data) },
  })

  const submissionCount = await prisma.formSubmission.count({ where: { formId } })

  await logAction(user.id, 'CREATE', 'FormSubmission', formId, null, { submissionCount })

  // First time the target is reached: flip to REVIEW_READY and notify admins.
  if (submissionCount === form.minSubmissions) {
    await prisma.buildForm.update({ where: { id: formId }, data: { status: 'REVIEW_READY' } })
    const admins = await prisma.user.findMany({ where: { role: 'ADMIN', active: true } })
    for (const admin of admins) {
      await notifyFormReviewReady(form.name, submissionCount, admin.email, admin.id)
    }
  }

  return res.status(201).json({ submissionCount })
}