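import { NextRequest, NextResponse } from "next/server";
import { createClient } from "@/lib/supabase/server";

/**
 * Columns a client may never set through PUT. `user_id` and `team_id` decide
 * who owns and who can see a rule, so they must come from the session and the
 * profile row, never from the request body.
 * NOTE(review): an explicit allowlist of editable columns would be stricter;
 * the full `custom_rules` schema is not visible here, so only the ownership
 * and bookkeeping columns seen in this file are blocked.
 */
const PROTECTED_RULE_COLUMNS = new Set<string>([
  "id",
  "user_id",
  "team_id",
  "created_at",
  "updated_at",
]);

/**
 * Parses the request body as a JSON object.
 *
 * @returns the parsed object, or `null` when the body is not valid JSON or is
 * not a plain object (array, `null`, primitive).
 */
async function readJsonObject(req: NextRequest): Promise<Record<string, unknown> | null> {
  try {
    const parsed: unknown = await req.json();
    if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
      return null;
    }
    return parsed as Record<string, unknown>;
  } catch {
    return null;
  }
}

/**
 * Checks that a value is a non-empty string that compiles as a
 * case-insensitive regular expression.
 *
 * NOTE(review): this is a syntax check only. It does not bound matching cost,
 * so a pattern with nested quantifiers can still be slow to evaluate. Whatever
 * code executes these rules (not visible in this file) should cap input size
 * or run time.
 */
function isValidPattern(value: unknown): value is string {
  // Without the type check, `new RegExp({})` would compile "[object Object]".
  if (typeof value !== "string" || value.length === 0) return false;
  try {
    new RegExp(value, "i");
    return true;
  } catch {
    return false;
  }
}

/**
 * GET — list custom rules.
 *
 * Returns the caller's own rules plus, when the profile has a `team_id`, the
 * rules of that team. Requires an authenticated user on the "team" plan.
 */
export async function GET() {
  const supabase = await createClient();
  const {
    data: { user },
  } = await supabase.auth.getUser();
  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });

  const { data: profile } = await supabase
    .from("profiles")
    .select("plan, team_id")
    .eq("id", user.id)
    .single();
  // A failed profile lookup leaves `profile` nullish, which also ends here (fail closed).
  if (profile?.plan !== "team") {
    return NextResponse.json({ error: "Custom rules require Team plan" }, { status: 403 });
  }

  // Fetch user's own rules + team rules
  let query = supabase.from("custom_rules").select("*").order("created_at", { ascending: false });
  if (profile?.team_id) {
    // Both interpolated values come from the session and the profiles row, not
    // from the request. NOTE(review): the filter string is only safe while
    // those ids cannot contain "," or parentheses — confirm the column types.
    query = query.or(`user_id.eq.${user.id},team_id.eq.${profile.team_id}`);
  } else {
    query = query.eq("user_id", user.id);
  }

  const { data: rules, error } = await query;
  // Report a failed query instead of presenting it as an empty rule list.
  // NOTE(review): `error.message` is returned to the client here and in the
  // other handlers; confirm it cannot expose schema details you want hidden.
  if (error) return NextResponse.json({ error: error.message }, { status: 500 });
  return NextResponse.json({ rules: rules || [] });
}

/**
 * POST — create a custom rule.
 *
 * Requires an authenticated user on the "team" plan. Ownership (`user_id`,
 * `team_id`) is taken from the session and profile, never from the body.
 */
export async function POST(req: NextRequest) {
  const supabase = await createClient();
  const {
    data: { user },
  } = await supabase.auth.getUser();
  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });

  const { data: profile } = await supabase
    .from("profiles")
    .select("plan, team_id")
    .eq("id", user.id)
    .single();
  if (profile?.plan !== "team") {
    return NextResponse.json({ error: "Custom rules require Team plan" }, { status: 403 });
  }

  const body = await readJsonObject(req);
  if (!body) return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });

  const { name, description, pattern, severity, category } = body;
  if (
    typeof name !== "string" || !name ||
    !pattern ||
    typeof category !== "string" || !category
  ) {
    return NextResponse.json({ error: "name, pattern, and category are required" }, { status: 400 });
  }

  // Validate regex pattern
  if (!isValidPattern(pattern)) {
    return NextResponse.json({ error: "Invalid regex pattern" }, { status: 400 });
  }

  const { data: rule, error } = await supabase
    .from("custom_rules")
    .insert({
      user_id: user.id,
      team_id: profile?.team_id || null,
      name,
      description: typeof description === "string" && description ? description : null,
      pattern,
      // NOTE(review): the set of accepted severity values is not visible in
      // this file; anything missing or non-string falls back to "MEDIUM".
      severity: typeof severity === "string" && severity ? severity : "MEDIUM",
      category,
    })
    .select()
    .single();

  if (error) return NextResponse.json({ error: error.message }, { status: 500 });
  return NextResponse.json({ rule });
}

/**
 * PUT — update a rule.
 *
 * Only rows owned by the caller are touched (`user_id` filter). Ownership and
 * bookkeeping columns in the body are dropped before the update so a caller
 * cannot reassign a rule to another user or team.
 * NOTE(review): unlike GET and POST, this handler does not check the plan —
 * confirm that is intended.
 */
export async function PUT(req: NextRequest) {
  const supabase = await createClient();
  const {
    data: { user },
  } = await supabase.auth.getUser();
  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });

  const body = await readJsonObject(req);
  if (!body) return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });

  const { id, ...submitted } = body;
  if ((typeof id !== "string" && typeof id !== "number") || id === "") {
    return NextResponse.json({ error: "id is required" }, { status: 400 });
  }

  const updates: Record<string, unknown> = {};
  for (const [column, value] of Object.entries(submitted)) {
    if (!PROTECTED_RULE_COLUMNS.has(column)) updates[column] = value;
  }

  // Any submitted pattern, including an empty or non-string one, must compile.
  if (updates.pattern !== undefined && !isValidPattern(updates.pattern)) {
    return NextResponse.json({ error: "Invalid regex pattern" }, { status: 400 });
  }

  const { error } = await supabase
    .from("custom_rules")
    .update({ ...updates, updated_at: new Date().toISOString() })
    .eq("id", id)
    .eq("user_id", user.id);

  if (error) return NextResponse.json({ error: error.message }, { status: 500 });
  return NextResponse.json({ success: true });
}

/**
 * DELETE — delete a rule.
 *
 * Deletes the rule with the given `id` only when it is owned by the caller.
 */
export async function DELETE(req: NextRequest) {
  const supabase = await createClient();
  const {
    data: { user },
  } = await supabase.auth.getUser();
  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });

  const body = await readJsonObject(req);
  if (!body) return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });

  const { id } = body;
  if ((typeof id !== "string" && typeof id !== "number") || id === "") {
    return NextResponse.json({ error: "id is required" }, { status: 400 });
  }

  const { error } = await supabase
    .from("custom_rules")
    .delete()
    .eq("id", id)
    .eq("user_id", user.id);

  if (error) return NextResponse.json({ error: error.message }, { status: 500 });
  return NextResponse.json({ success: true });
}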