biblical-guide.com/app/api/admin/content/prayer-requests/[id]/route.ts

import { NextResponse } from 'next/server';
import { prisma } from '@/lib/db';
import { getCurrentAdmin, AdminPermission, hasPermission } from '@/lib/admin-auth';

export const runtime = 'nodejs';

export async function GET(
  request: Request,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    const admin = await getCurrentAdmin();
    if (!admin || !hasPermission(admin, AdminPermission.MODERATE_CONTENT)) {
      return NextResponse.json(
        { error: 'Unauthorized' },
        { status: 401 }
      );
    }

    const { id } = await params;

    const prayerRequest = await prisma.prayerRequest.findUnique({
      where: { id },
      include: {
        user: {
          select: {
            id: true,
            email: true,
            name: true,
            role: true
          }
        },
        prayers: {
          select: {
            id: true,
            ipAddress: true,
            createdAt: true
          },
          orderBy: { createdAt: 'desc' },
          take: 10
        },
        userPrayers: {
          select: {
            id: true,
            createdAt: true,
            user: {
              select: {
                id: true,
                email: true,
                name: true
              }
            }
          },
          orderBy: { createdAt: 'desc' },
          take: 10
        }
      }
    });

    if (!prayerRequest) {
      return NextResponse.json(
        { error: 'Prayer request not found' },
        { status: 404 }
      );
    }

    return NextResponse.json({ prayerRequest });

  } catch (error) {
    console.error('Admin prayer request detail error:', error);
    return NextResponse.json(
      { error: 'Server error' },
      { status: 500 }
    );
  }
}

export async function PUT(
  request: Request,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    const admin = await getCurrentAdmin();
    if (!admin || !hasPermission(admin, AdminPermission.MODERATE_CONTENT)) {
      return NextResponse.json(
        { error: 'Unauthorized' },
        { status: 401 }
      );
    }

    const { id } = await params;
    const body = await request.json();
    const { action, reason } = body;

    let updateData: any = {};

    switch (action) {
      case 'approve':
        updateData = { isActive: true };
        break;
      case 'reject':
        updateData = { isActive: false };
        break;
      default:
        return NextResponse.json(
          { error: 'Invalid action' },
          { status: 400 }
        );
    }

    const prayerRequest = await prisma.prayerRequest.update({
      where: { id },
      data: updateData,
      select: {
        id: true,
        title: true,
        isActive: true,
        user: {
          select: {
            email: true
          }
        }
      }
    });

    // TODO: Add audit log entry here in the future
    console.log(`Admin ${admin.email} performed action '${action}' on prayer request ${prayerRequest.title}${reason ? ` with reason: ${reason}` : ''}`);

    return NextResponse.json({ prayerRequest });

  } catch (error) {
    console.error('Admin prayer request update error:', error);
    return NextResponse.json(
      { error: 'Server error' },
      { status: 500 }
    );
  }
}

export async function DELETE(
  request: Request,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    const admin = await getCurrentAdmin();
    if (!admin || !hasPermission(admin, AdminPermission.MODERATE_CONTENT)) {
      return NextResponse.json(
        { error: 'Unauthorized' },
        { status: 401 }
      );
    }

    const { id } = await params;

    const prayerRequest = await prisma.prayerRequest.findUnique({
      where: { id },
      select: { title: true, user: { select: { email: true } } }
    });

    if (!prayerRequest) {
      return NextResponse.json(
        { error: 'Prayer request not found' },
        { status: 404 }
      );
    }

    // Delete prayer request and all related data (CASCADE)
    await prisma.prayerRequest.delete({
      where: { id }
    });

    console.log(`Admin ${admin.email} deleted prayer request "${prayerRequest.title}"`);

    return NextResponse.json({ success: true });

  } catch (error) {
    console.error('Admin prayer request delete error:', error);
    return NextResponse.json(
      { error: 'Server error' },
      { status: 500 }
    );
  }
}