qms/pages/api/shipments/[id]/send.ts

import type { NextApiRequest, NextApiResponse } from 'next'
import { prisma } from '@/lib/prisma'
import { requireAuth, logAction, SHIPMENT_SEND_ROLES } from '@/lib/auth'
import { sendEmail, emailTemplate } from '@/lib/email'

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  const user = await requireAuth(req, res, SHIPMENT_SEND_ROLES)
  if (!user) return
  if (req.method !== 'POST') return res.status(405).end()

  const { id } = req.query as { id: string }
  const { clientEmail, subject, message } = req.body

  if (!clientEmail || !subject || !message) {
    return res.status(400).json({ error: 'clientEmail, subject, message required' })
  }

  const shipment = await prisma.shipment.findUnique({ where: { id }, include: { items: true } })
  if (!shipment) return res.status(404).json({ error: 'Shipment not found' })

  const itemsHtml = shipment.items.filter(i => i.included).map(i => `<li>${i.label}</li>`).join('')
  await sendEmail(clientEmail, subject, emailTemplate('Quality Release Package', `
    <p>${message.replace(/\n/g, '<br>')}</p>
    <ul>${itemsHtml}</ul>
  `))

  const updated = await prisma.shipment.update({
    where: { id },
    data: { sentAt: new Date(), sentTo: clientEmail },
  })

  await logAction(user.id, 'UPDATE', 'Shipment', id, { sentAt: null }, { sentAt: updated.sentAt, sentTo: clientEmail })

  return res.json({ data: updated })
}