Build all missing features: PDF/DOCX upload, team system (5 seats, invites, shared dashboard), API keys (generate/revoke/limits), custom clause rules (CRUD + regex)
89ccd89 verified
import { NextRequest, NextResponse } from "next/server";
import { createClient } from "@/lib/supabase/server";
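/**
 * GET — list the custom clause rules visible to the caller.
 *
 * Responds 401 without an authenticated session and 403 unless the caller's
 * profile is on the "team" plan. Returns the caller's own rules and, when the
 * profile carries a team_id, every rule tagged with that team, newest first.
 *
 * @returns `{ rules }` on success, `{ error }` with 401/403/500 otherwise.
 */
export async function GET() {
  const supabase = await createClient();
  const { data: { user } } = await supabase.auth.getUser();
  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });

  const { data: profile } = await supabase
    .from("profiles")
    .select("plan, team_id")
    .eq("id", user.id)
    .single();
  if (profile?.plan !== "team") {
    return NextResponse.json({ error: "Custom rules require Team plan" }, { status: 403 });
  }

  let query = supabase.from("custom_rules").select("*").order("created_at", { ascending: false });
  if (profile?.team_id) {
    // The filter string is built by interpolation. Both values come from the
    // session and the caller's own profile row, never from the request.
    // NOTE(review): presumably both are UUIDs; confirm team_id cannot contain
    // characters that are meaningful in a PostgREST filter (",", ".", "(").
    query = query.or(`user_id.eq.${user.id},team_id.eq.${profile.team_id}`);
  } else {
    query = query.eq("user_id", user.id);
  }

  // Report a failed query as an error instead of presenting it as "no rules".
  const { data: rules, error } = await query;
  if (error) return NextResponse.json({ error: error.message }, { status: 500 });
  return NextResponse.json({ rules: rules || [] });
}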
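/**
 * POST — create a custom rule owned by the caller.
 *
 * Responds 401 without an authenticated session and 403 unless the caller's
 * profile is on the "team" plan. The JSON body must carry non-empty string
 * `name`, `pattern` and `category`; `description` and `severity` are optional.
 * Ownership (`user_id`, `team_id`) is always taken from the session and the
 * caller's profile, never from the body.
 *
 * @returns `{ rule }` on success, `{ error }` with 400/401/403/500 otherwise.
 */
export async function POST(req: NextRequest) {
  const supabase = await createClient();
  const { data: { user } } = await supabase.auth.getUser();
  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });

  const { data: profile } = await supabase
    .from("profiles")
    .select("plan, team_id")
    .eq("id", user.id)
    .single();
  if (profile?.plan !== "team") {
    return NextResponse.json({ error: "Custom rules require Team plan" }, { status: 403 });
  }

  // A missing or malformed body is a client error, not an unhandled exception.
  let body: unknown;
  try {
    body = await req.json();
  } catch {
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }
  if (typeof body !== "object" || body === null) {
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }
  const { name, description, pattern, severity, category } = body as Record<string, unknown>;

  // Require real strings: `new RegExp` would coerce a number or an object to
  // text, and the row would then store a value no later reader expects.
  if (
    typeof name !== "string" || !name ||
    typeof pattern !== "string" || !pattern ||
    typeof category !== "string" || !category
  ) {
    return NextResponse.json({ error: "name, pattern, and category are required" }, { status: 400 });
  }

  // Syntax check only. Compiling a pattern says nothing about how long it can
  // take to match: a rule with nested quantifiers can still backtrack
  // catastrophically when it is later run against a document.
  // NOTE(review): the code that executes stored patterns is not in this file;
  // it should bound input size and matching time, or use a linear-time engine.
  try {
    new RegExp(pattern, "i");
  } catch {
    return NextResponse.json({ error: "Invalid regex pattern" }, { status: 400 });
  }

  // NOTE(review): severity is stored as given; the set of allowed values is
  // not visible here — presumably enforced by a database constraint, confirm.
  const { data: rule, error } = await supabase.from("custom_rules").insert({
    user_id: user.id,
    team_id: profile?.team_id || null,
    name,
    description: typeof description === "string" && description ? description : null,
    pattern,
    severity: typeof severity === "string" && severity ? severity : "MEDIUM",
    category,
  }).select().single();

  // NOTE(review): error.message is the database client's text returned
  // verbatim; consider logging it server-side and sending a generic message.
  if (error) return NextResponse.json({ error: error.message }, { status: 500 });
  return NextResponse.json({ rule });
}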
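/**
 * PUT — update one of the caller's own rules.
 *
 * The JSON body carries `id` plus any of `name`, `description`, `pattern`,
 * `severity`, `category`. Every other key is ignored: spreading the raw body
 * into the update would let a caller rewrite `user_id` or `team_id` on their
 * own row and so move a rule into another user's or another team's rule set.
 * The row is matched on both `id` and the session's user id.
 *
 * @returns `{ success: true }`, or `{ error }` with 400/401/500.
 */
export async function PUT(req: NextRequest) {
  const supabase = await createClient();
  const { data: { user } } = await supabase.auth.getUser();
  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
  // NOTE(review): unlike GET and POST, no "team" plan check is made here;
  // confirm whether callers off the Team plan are meant to keep editing rules.

  // A missing or malformed body is a client error, not an unhandled exception.
  let body: unknown;
  try {
    body = await req.json();
  } catch {
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }
  if (typeof body !== "object" || body === null) {
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }
  const payload = body as Record<string, unknown>;

  const id = payload.id;
  if ((typeof id !== "string" && typeof id !== "number") || id === "") {
    return NextResponse.json({ error: "id is required" }, { status: 400 });
  }

  // Allowlist of client-editable columns — the same content fields POST
  // accepts. Ownership and timestamp columns are never taken from the body.
  const editableFields = ["name", "description", "pattern", "severity", "category"];
  const updates: Record<string, unknown> = {};
  for (const field of editableFields) {
    if (field in payload) updates[field] = payload[field];
  }

  if ("pattern" in updates) {
    const pattern = updates.pattern;
    // POST refuses an empty or non-string pattern; an update must not be a
    // way around that.
    if (typeof pattern !== "string" || !pattern) {
      return NextResponse.json({ error: "Invalid regex pattern" }, { status: 400 });
    }
    // Syntax check only; it does not bound how long the pattern can take to
    // match when it is later executed (code not shown in this file).
    try {
      new RegExp(pattern, "i");
    } catch {
      return NextResponse.json({ error: "Invalid regex pattern" }, { status: 400 });
    }
  }

  const { error } = await supabase.from("custom_rules")
    .update({ ...updates, updated_at: new Date().toISOString() })
    .eq("id", id)
    .eq("user_id", user.id);

  // NOTE(review): success is reported even when no row matched the id/owner
  // pair; the caller cannot tell "updated" from "not yours or not found".
  if (error) return NextResponse.json({ error: error.message }, { status: 500 });
  return NextResponse.json({ success: true });
}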
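/**
 * DELETE — remove one of the caller's own rules.
 *
 * The JSON body carries the rule `id`. The row is matched on both `id` and
 * the session's user id, so a caller can only delete rules they created.
 *
 * @returns `{ success: true }`, or `{ error }` with 400/401/500.
 */
export async function DELETE(req: NextRequest) {
  const supabase = await createClient();
  const { data: { user } } = await supabase.auth.getUser();
  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });

  // A missing or malformed body is a client error, not an unhandled exception.
  let body: unknown;
  try {
    body = await req.json();
  } catch {
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }
  if (typeof body !== "object" || body === null) {
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }

  // Refuse to build a filter from a missing or non-scalar id.
  const id = (body as Record<string, unknown>).id;
  if ((typeof id !== "string" && typeof id !== "number") || id === "") {
    return NextResponse.json({ error: "id is required" }, { status: 400 });
  }

  const { error } = await supabase
    .from("custom_rules")
    .delete()
    .eq("id", id)
    .eq("user_id", user.id);

  // NOTE(review): success is reported even when no row matched the id/owner
  // pair; the caller cannot tell "deleted" from "not yours or not found".
  if (error) return NextResponse.json({ error: error.message }, { status: 500 });
  return NextResponse.json({ success: true });
}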