import type { NextApiRequest, NextApiResponse } from 'next' import { prisma } from '@/lib/prisma' import { requireAuth, logAction } from '@/lib/auth' import { serializeOptions, withParsedFields } from '@/lib/forms' export default async function handler(req: NextApiRequest, res: NextApiResponse) { const user = await requireAuth(req, res) if (!user) return if (req.method === 'GET') { const { status } = req.query const where: any = {} if (status) where.status = String(status) const forms = await prisma.buildForm.findMany({ where, include: { fields: { orderBy: { order: 'asc' } }, _count: { select: { submissions: true, fields: true } }, }, orderBy: { createdAt: 'desc' }, }) return res.json({ data: forms.map(f => withParsedFields(f)) }) } if (req.method === 'POST') { if (user.role !== 'ADMIN') return res.status(403).json({ error: 'Admin only' }) const { name, product, description, minSubmissions, fields } = req.body as { name?: string product?: string description?: string minSubmissions?: number fields?: Array<{ label: string; type: string; hint?: string; options?: string[]; required?: boolean; trackStd?: boolean }> } if (!name) return res.status(400).json({ error: 'Form name is required' }) const form = await prisma.buildForm.create({ data: { name, product: product || null, description: description || null, minSubmissions: minSubmissions ?? 10, status: 'DRAFT', createdById: user.id, fields: { create: (fields || []).map((f, i) => ({ label: f.label, type: f.type, hint: f.hint || null, options: serializeOptions(f.options), required: !!f.required, trackStd: f.trackStd !== false, order: i, })), }, }, include: { fields: { orderBy: { order: 'asc' } }, _count: { select: { submissions: true, fields: true } }, }, }) await logAction(user.id, 'CREATE', 'BuildForm', form.id, null, { name }) return res.status(201).json({ data: withParsedFields(form) }) } res.status(405).end() }