import { NextRequest, NextResponse } from 'next/server' import { getSession } from '@/lib/auth' import { queryJobPanelDb } from '@/lib/job-panel-db' import { checkPanelAccess, isFeatureEnabled } from '@/lib/services/job-panel-permissions' import { v4 as uuidv4 } from 'uuid' import type { RowDataPacket } from 'mysql2' // GET - List storage items export async function GET( request: NextRequest, { params }: { params: Promise<{ id: string }> } ) { try { const session = await getSession() if (!session) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) } const { id } = await params // Check access const access = await checkPanelAccess(id) if (!access?.canAccess) { return NextResponse.json({ error: 'Access denied' }, { status: 403 }) } // Check if feature is enabled (superadmins can always access) const featureEnabled = await isFeatureEnabled(id, 'storage_management') if (!featureEnabled && !access.isSuperadmin) { return NextResponse.json({ items: [], featureDisabled: true }) } // Get items const items = await queryJobPanelDb( `SELECT * FROM job_panel_storage WHERE panel_id = ? ORDER BY category, item_name`, [id] ) return NextResponse.json({ items }) } catch (error) { console.error('[Storage] Error:', error) return NextResponse.json({ error: 'Internal server error' }, { status: 500 }) } } // POST - Add storage item export async function POST( request: NextRequest, { params }: { params: Promise<{ id: string }> } ) { try { const session = await getSession() if (!session) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) } const { id } = await params const body = await request.json() const { itemName, quantity, category, minStock } = body if (!itemName || quantity === undefined) { return NextResponse.json({ error: 'Item name and quantity required' }, { status: 400 }) } // Check access const hasAccess = await checkPanelAccess(id, session.discordId, session.role) if (!hasAccess) { return NextResponse.json({ error: 'Access denied' }, { status: 403 }) } // Check if item already exists const existing = await queryJobPanelDb( 'SELECT id, quantity FROM job_panel_storage WHERE panel_id = ? AND item_name = ?', [id, itemName] ) if (existing.length > 0) { // Update quantity await queryJobPanelDb( 'UPDATE job_panel_storage SET quantity = quantity + ?, updated_at = NOW() WHERE id = ?', [quantity, existing[0].id] ) return NextResponse.json({ success: true, itemId: existing[0].id, updated: true }) } // Create new item const itemId = uuidv4() await queryJobPanelDb( `INSERT INTO job_panel_storage (id, panel_id, item_name, quantity, category, min_stock, added_by) VALUES (?, ?, ?, ?, ?, ?, ?)`, [itemId, id, itemName, quantity, category || 'equipment', minStock || 0, session.userId] ) return NextResponse.json({ success: true, itemId }) } catch (error) { console.error('[Storage] Error:', error) return NextResponse.json({ error: 'Internal server error' }, { status: 500 }) } } // PUT - Update storage item export async function PUT( request: NextRequest, { params }: { params: Promise<{ id: string }> } ) { try { const session = await getSession() if (!session) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) } const { id } = await params const body = await request.json() const { itemId, quantity, minStock } = body if (!itemId) { return NextResponse.json({ error: 'Item ID required' }, { status: 400 }) } // Check access const hasAccess = await checkPanelAccess(id, session.discordId, session.role) if (!hasAccess) { return NextResponse.json({ error: 'Access denied' }, { status: 403 }) } const updates: string[] = [] const values: (string | number)[] = [] if (quantity !== undefined) { updates.push('quantity = ?') values.push(quantity) } if (minStock !== undefined) { updates.push('min_stock = ?') values.push(minStock) } if (updates.length > 0) { updates.push('updated_at = NOW()') values.push(itemId, id) await queryJobPanelDb( `UPDATE job_panel_storage SET ${updates.join(', ')} WHERE id = ? AND panel_id = ?`, values ) } return NextResponse.json({ success: true }) } catch (error) { console.error('[Storage] Error:', error) return NextResponse.json({ error: 'Internal server error' }, { status: 500 }) } } // DELETE - Remove storage item export async function DELETE( request: NextRequest, { params }: { params: Promise<{ id: string }> } ) { try { const session = await getSession() if (!session) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) } const { id } = await params const { searchParams } = new URL(request.url) const itemId = searchParams.get('itemId') if (!itemId) { return NextResponse.json({ error: 'Item ID required' }, { status: 400 }) } // Check access const hasAccess = await checkPanelAccess(id, session.discordId, session.role) if (!hasAccess) { return NextResponse.json({ error: 'Access denied' }, { status: 403 }) } await queryJobPanelDb('DELETE FROM job_panel_storage WHERE id = ? AND panel_id = ?', [itemId, id]) return NextResponse.json({ success: true }) } catch (error) { console.error('[Storage] Error:', error) return NextResponse.json({ error: 'Internal server error' }, { status: 500 }) } }