lomavuokraus/app/api/integrations/billing/verify/route.ts

import { NextResponse } from 'next/server';
import { ListingStatus, UserStatus } from '@prisma/client';
import { prisma } from '../../../../../lib/prisma';
import { loadN8nBillingApiKey } from '../../../../../lib/apiKeys';
import { resolveBillingDetails } from '../../../../../lib/billing';

function pickTranslation(translations: { slug: string; locale: string }[]) {
  return translations.find((t) => t.locale === 'en') || translations.find((t) => t.locale === 'fi') || translations[0] || null;
}

function extractApiKey(req: Request) {
  const headerKey = req.headers.get('x-api-key');
  if (headerKey) return headerKey.trim();
  const auth = req.headers.get('authorization');
  if (auth && auth.toLowerCase().startsWith('bearer ')) {
    return auth.slice(7).trim();
  }
  return null;
}

export async function POST(req: Request) {
  const expectedKey = loadN8nBillingApiKey();
  if (!expectedKey) {
    return NextResponse.json({ error: 'Billing API key missing' }, { status: 500 });
  }
  const providedKey = extractApiKey(req);
  if (!providedKey || providedKey !== expectedKey) {
    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
  }

  let body: any;
  try {
    body = await req.json();
  } catch {
    return NextResponse.json({ error: 'Invalid payload' }, { status: 400 });
  }

  const listingId = typeof body.listingId === 'string' ? body.listingId : undefined;
  const listingSlug = typeof body.listingSlug === 'string' ? body.listingSlug.trim() : undefined;
  const ownerEmailRaw = typeof body.ownerEmail === 'string' ? body.ownerEmail.trim() : undefined;
  const ownerEmail = ownerEmailRaw ? ownerEmailRaw.toLowerCase() : undefined;

  if (!listingId && !listingSlug && !ownerEmail) {
    return NextResponse.json({ error: 'Provide listingId, listingSlug, or ownerEmail' }, { status: 400 });
  }

  let listing: any = null;
  if (listingId || listingSlug) {
    const listings = await prisma.listing.findMany({
      where: {
        removedAt: null,
        status: { not: ListingStatus.REMOVED },
        id: listingId ?? undefined,
        translations: listingSlug ? { some: { slug: listingSlug } } : undefined,
      },
      include: {
        owner: {
          select: {
            id: true,
            email: true,
            status: true,
            approvedAt: true,
            emailVerifiedAt: true,
            billingEmailsEnabled: true,
            billingAccountName: true,
            billingIban: true,
            billingIncludeVatLine: true,
          },
        },
        translations: { select: { slug: true, locale: true } },
      },
      take: listingSlug ? 2 : 1,
    });

    if (listingSlug && listings.length > 1) {
      return NextResponse.json({ error: 'Listing slug is ambiguous; provide listingId' }, { status: 400 });
    }
    listing = listings[0] ?? null;
    if (!listing && listingId) {
      return NextResponse.json({ error: 'Listing not found' }, { status: 404 });
    }
    if (!listing && listingSlug) {
      return NextResponse.json({ error: 'Listing not found' }, { status: 404 });
    }
  }

  let owner = listing?.owner ?? null;
  if (!owner && ownerEmail) {
    owner = await prisma.user.findFirst({
      where: { email: { equals: ownerEmail, mode: 'insensitive' } },
      select: {
        id: true,
        email: true,
        status: true,
        approvedAt: true,
        emailVerifiedAt: true,
        billingEmailsEnabled: true,
        billingAccountName: true,
        billingIban: true,
        billingIncludeVatLine: true,
      },
    });
  }

  if (!owner) {
    return NextResponse.json({ enabled: false });
  }

  const ownerReady = owner.status === UserStatus.ACTIVE && owner.approvedAt && owner.emailVerifiedAt;
  if (!ownerReady || !owner.billingEmailsEnabled) {
    return NextResponse.json({ enabled: false, owner: { id: owner.id, email: owner.email } });
  }

  const billing = resolveBillingDetails(owner, listing ?? undefined);
  const enabled = Boolean(billing.accountName && billing.iban);
  const listingHasOverride =
    listing &&
    (listing.billingAccountName !== null && listing.billingAccountName !== undefined ||
      listing.billingIban !== null && listing.billingIban !== undefined ||
      listing.billingIncludeVatLine !== null && listing.billingIncludeVatLine !== undefined);
  const source = listingHasOverride ? 'listing' : 'user';

  return NextResponse.json({
    enabled,
    owner: { id: owner.id, email: owner.email },
    listing: listing
      ? {
          id: listing.id,
          slug: pickTranslation(listing.translations)?.slug ?? listing.translations[0]?.slug ?? null,
          status: listing.status,
        }
      : null,
    billing: enabled ? { ...billing, source } : null,
  });
}

export const dynamic = 'force-dynamic';