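import { NextRequest } from 'next/server';
import { checkIsAdmin, getAdminUserId } from '@/lib/auth/check-permission';
import { createAuditLog } from '@/lib/audit';
import { uploadFile, deleteFile } from '@/lib/upload';
import { forbidden, badRequest, notFound, success, handleApiError } from '@/lib/api-response';

/** Upload categories this route forwards to `uploadFile`. */
const UPLOAD_TYPES = ['image', 'document'] as const;
type UploadType = (typeof UPLOAD_TYPES)[number];

/**
 * Maps the raw `type` form field onto an allowed upload category.
 *
 * @param raw - Value of the `type` multipart field as sent by the client.
 * @returns `'image'` when the field is absent or empty (the route's default),
 *   the matching category when it is one of the allowed values, and `null`
 *   for anything else (unknown string, or a file part sent under `type`).
 */
function parseUploadType(raw: FormDataEntryValue | null): UploadType | null {
  if (raw === null || raw === '') {
    return 'image';
  }
  return UPLOAD_TYPES.find((candidate) => candidate === raw) ?? null;
}

/**
 * Handles a multipart file upload from an administrator.
 *
 * Responds with `forbidden()` unless the caller is an admin with a resolvable
 * user id, and with `badRequest()` when the `file` part is missing or is not
 * a file, or when `type` is not an allowed category. On success the upload is
 * recorded in the audit log and the stored file's metadata is returned.
 */
export async function POST(request: NextRequest) {
  try {
    const { isAdmin } = await checkIsAdmin();
    const userId = await getAdminUserId();
    if (!isAdmin || !userId) {
      return forbidden();
    }

    const formData = await request.formData();

    // FormData.get() yields File | string | null. A plain text field named
    // "file" must not be passed on as if it were a File object.
    const fileEntry = formData.get('file');
    if (!fileEntry || typeof fileEntry === 'string') {
      return badRequest('未找到文件');
    }

    // The category is client-controlled; check it against the allow-list
    // instead of trusting a type assertion.
    const type = parseUploadType(formData.get('type'));
    if (type === null) {
      return badRequest('不支持的文件类型');
    }

    // NOTE(review): size, extension and content-type limits are not enforced
    // in this handler; presumably uploadFile does so. Confirm against
    // '@/lib/upload'.
    const result = await uploadFile(fileEntry, {
      type,
      userId,
    });

    await createAuditLog({
      userId,
      action: 'upload',
      resourceType: 'file',
      resourceId: result.id,
      details: {
        fileName: result.name,
        fileType: result.type,
        fileSize: result.size,
        url: result.url,
      },
    });

    return success({
      success: true,
      file: result,
    });
  } catch (error) {
    console.error('文件上传失败:', error);
    // NOTE(review): every Error is returned to the client as a 400 with its
    // raw message. That covers validation failures, but also storage or
    // audit-log failures, whose messages may expose internal detail and which
    // are not client errors. Consider a dedicated validation error type and
    // routing everything else through handleApiError.
    if (error instanceof Error) {
      return badRequest(error.message);
    }
    return handleApiError(error);
  }
}

/**
 * Deletes a previously uploaded file identified by the `url` query parameter.
 *
 * Responds with `forbidden()` for non-admin callers, `badRequest()` when
 * `url` is missing, and `notFound()` when `deleteFile` returns a falsy result.
 */
export async function DELETE(request: NextRequest) {
  try {
    const { isAdmin } = await checkIsAdmin();
    const userId = await getAdminUserId();
    if (!isAdmin || !userId) {
      return forbidden();
    }

    const { searchParams } = new URL(request.url);
    const fileUrl = searchParams.get('url');
    if (!fileUrl) {
      return badRequest('缺少文件 URL');
    }

    // NOTE(review): fileUrl is caller-supplied and passed on unchanged.
    // deleteFile must resolve it strictly inside the upload storage root and
    // reject anything else. Verify in '@/lib/upload'.
    const result = await deleteFile(fileUrl);
    if (!result) {
      return notFound('文件不存在或删除失败');
    }

    // NOTE(review): unlike uploads, deletions are not written to the audit
    // log. Not added here because the action values createAuditLog accepts
    // are not visible from this file; consider recording userId and fileUrl.
    return success({ success: true });
  } catch (error) {
    console.error('文件删除失败:', error);
    return handleApiError(error);
  }
}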