AnchorOS/app/api/availability/staff-unavailable/route.ts

import { NextRequest, NextResponse } from 'next/server'
import { supabaseAdmin } from '@/lib/supabase/admin'

async function validateAdminOrStaff(request: NextRequest) {
  const authHeader = request.headers.get('authorization')
  
  if (!authHeader) {
    return null
  }

  const token = authHeader.replace('Bearer ', '')
  
  if (token !== process.env.ADMIN_ENROLLMENT_KEY) {
    return null
  }

  return true
}

/**
 * @description Marks staff as unavailable for a time period
 */
export async function POST(request: NextRequest) {
  try {
    const hasAccess = await validateAdminOrStaff(request)
    
    if (!hasAccess) {
      return NextResponse.json(
        { error: 'Unauthorized' },
        { status: 401 }
      )
    }

    const body = await request.json()
    const {
      staff_id,
      date,
      start_time,
      end_time,
      reason,
      location_id
    } = body

    if (!staff_id || !date || !start_time || !end_time) {
      return NextResponse.json(
        { error: 'Missing required fields: staff_id, date, start_time, end_time' },
        { status: 400 }
      )
    }

    const { data: staff, error: staffError } = await supabaseAdmin
      .from('staff')
      .select('id, location_id')
      .eq('id', staff_id)
      .single()

    if (staffError || !staff) {
      return NextResponse.json(
        { error: staffError?.message || 'Staff not found' },
        { status: 400 }
      )
    }

    const { data: availability, error: availabilityError } = await supabaseAdmin.rpc('check_staff_availability', {
      p_staff_id: staff_id,
      p_start_time_utc: `${date}T${start_time}Z`,
      p_end_time_utc: `${date}T${end_time}Z`
    })

    if (availabilityError) {
      return NextResponse.json(
        { error: availabilityError.message },
        { status: 400 }
      )
    }

    const { data: existingAvailability } = await supabaseAdmin
      .from('staff_availability')
      .select('*')
      .eq('staff_id', staff_id)
      .eq('date', date)
      .single()

    if (existingAvailability) {
      return NextResponse.json(
        { error: 'Availability already exists for this staff and date' },
        { status: 400 }
      )
    }

    const { data: newAvailability, error: createError } = await supabaseAdmin
      .from('staff_availability')
      .insert({
        staff_id,
        date,
        start_time,
        end_time,
        is_available: false,
        reason,
        created_by: staff_id
      })
      .select()
      .single()

    if (createError) {
      return NextResponse.json(
        { error: createError.message },
        { status: 400 }
      )
    }

    return NextResponse.json({
      success: true,
      availability: newAvailability
    })
  } catch (error) {
    console.error('Staff unavailable POST error:', error)
    return NextResponse.json(
      { error: 'Internal server error' },
      { status: 500 }
    )
  }
}

/**
 * @description Retrieves staff unavailability records
 */
export async function GET(request: NextRequest) {
  try {
    const hasAccess = await validateAdminOrStaff(request)
    
    if (!hasAccess) {
      return NextResponse.json(
        { error: 'Unauthorized' },
        { status: 401 }
      )
    }

    const { searchParams } = new URL(request.url)
    const staffId = searchParams.get('staff_id')
    const startDate = searchParams.get('start_date')
    const endDate = searchParams.get('end_date')

    if (!staffId) {
      return NextResponse.json(
        { error: 'Missing required parameter: staff_id' },
        { status: 400 }
      )
    }

    let query = supabaseAdmin
      .from('staff_availability')
      .select('*')
      .eq('staff_id', staffId)

    if (startDate) {
      query = query.gte('date', startDate)
    }

    if (endDate) {
      query = query.lte('date', endDate)
    }

    const { data: availabilityList, error } = await query.order('date', { ascending: true })

    if (error) {
      return NextResponse.json(
        { error: error.message },
        { status: 400 }
      )
    }

    return NextResponse.json({
      success: true,
      availability: availabilityList || []
    })
  } catch (error) {
    console.error('Staff unavailable GET error:', error)
    return NextResponse.json(
      { error: 'Internal server error' },
      { status: 500 }
    )
  }
}