import { NextRequest, NextResponse } from 'next/server'; import { createClient } from '@/lib/supabase/server'; export async function GET(request: NextRequest) { try { const supabase = await createClient(); const { data: { user }, error: authError } = await supabase.auth.getUser(); if (authError || !user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); const { data: profile } = await supabase.from('user_profiles').select('role').eq('id', user.id).single(); if (!['administrator', 'admin'].includes(profile?.role || '')) return NextResponse.json({ error: 'Forbidden' }, { status: 403 }); const { searchParams } = new URL(request.url); const search = searchParams.get('search') || ''; const banLevel = searchParams.get('ban_level') || ''; const siteScope = searchParams.get('site_scope') || ''; const activeFilter = searchParams.get('active') || ''; let query = supabase .from('banned_terms') .select('*, added_by_profile:user_profiles!banned_terms_added_by_fkey(full_name)') .order('created_at', { ascending: false }); if (search) query = query.ilike('term', `%${search}%`); if (banLevel) query = query.eq('ban_level', banLevel); if (siteScope) query = query.eq('site_scope', siteScope); if (activeFilter !== '') query = query.eq('is_active', activeFilter === 'true'); const { data, error } = await query; if (error) return NextResponse.json({ error: error.message }, { status: 500 }); return NextResponse.json({ terms: data || [] }); } catch (err: any) { return NextResponse.json({ error: err.message }, { status: 500 }); } } export async function POST(request: NextRequest) { try { const supabase = await createClient(); const { data: { user }, error: authError } = await supabase.auth.getUser(); if (authError || !user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); const { data: profile } = await supabase.from('user_profiles').select('role').eq('id', user.id).single(); if (!['administrator', 'admin'].includes(profile?.role || '')) return NextResponse.json({ error: 'Forbidden' }, { status: 403 }); const body = await request.json(); const { term, ban_level, site_scope, notes } = body; if (!term?.trim()) return NextResponse.json({ error: 'Term is required' }, { status: 400 }); const { data, error } = await supabase .from('banned_terms') .insert({ term: term.trim(), ban_level: ban_level || 'soft', site_scope: site_scope || 'both', notes: notes || null, added_by: user.id }) .select() .single(); if (error) return NextResponse.json({ error: error.message }, { status: 500 }); return NextResponse.json({ term: data }, { status: 201 }); } catch (err: any) { return NextResponse.json({ error: err.message }, { status: 500 }); } } export async function PATCH(request: NextRequest) { try { const supabase = await createClient(); const { data: { user }, error: authError } = await supabase.auth.getUser(); if (authError || !user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); const { data: profile } = await supabase.from('user_profiles').select('role').eq('id', user.id).single(); if (!['administrator', 'admin'].includes(profile?.role || '')) return NextResponse.json({ error: 'Forbidden' }, { status: 403 }); const body = await request.json(); const { id, ...updates } = body; if (!id) return NextResponse.json({ error: 'ID required' }, { status: 400 }); const { error } = await supabase.from('banned_terms').update(updates).eq('id', id); if (error) return NextResponse.json({ error: error.message }, { status: 500 }); return NextResponse.json({ success: true }); } catch (err: any) { return NextResponse.json({ error: err.message }, { status: 500 }); } } export async function DELETE(request: NextRequest) { try { const supabase = await createClient(); const { data: { user }, error: authError } = await supabase.auth.getUser(); if (authError || !user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); const { data: profile } = await supabase.from('user_profiles').select('role').eq('id', user.id).single(); if (!['administrator', 'admin'].includes(profile?.role || '')) return NextResponse.json({ error: 'Forbidden' }, { status: 403 }); const { searchParams } = new URL(request.url); const id = searchParams.get('id'); if (!id) return NextResponse.json({ error: 'ID required' }, { status: 400 }); const { error } = await supabase.from('banned_terms').delete().eq('id', id); if (error) return NextResponse.json({ error: error.message }, { status: 500 }); return NextResponse.json({ success: true }); } catch (err: any) { return NextResponse.json({ error: err.message }, { status: 500 }); } }