lms-sb/src/app/api/admin/lesson-files/route.ts

import { NextRequest, NextResponse } from "next/server";
import { headers } from "next/headers";
import { auth } from "@/lib/auth";
import { prisma } from "@/lib/prisma";
import { uploadFile, deleteFile } from "@/lib/s3";
import { randomUUID } from "crypto";

async function requireAdmin() {
  const session = await auth.api.getSession({ headers: await headers() });
  if (!session || session.user.role !== "admin") return null;
  return session;
}

export async function POST(req: NextRequest) {
  if (!await requireAdmin()) {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  const form = await req.formData();
  const file = form.get("file") as File | null;
  const lessonId = form.get("lessonId") as string | null;
  const label = (form.get("label") as string | null)?.trim() || null;
  if (!file || !lessonId) return NextResponse.json({ error: "Missing fields" }, { status: 400 });

  const MAX_BYTES = 50 * 1024 * 1024;
  if (file.size > MAX_BYTES) return NextResponse.json({ error: "Файл слишком большой" }, { status: 413 });

  const name = label ?? file.name;
  const existing = await prisma.lessonFile.findFirst({ where: { lessonId, name } });

  const ext = file.name.split(".").pop() ?? "bin";
  const key = `lessons/${lessonId}/${randomUUID()}.${ext}`;
  const buffer = Buffer.from(await file.arrayBuffer());
  const url = await uploadFile(key, buffer, file.type);

  if (existing) {
    const oldKey = existing.url.split(`/${process.env.S3_BUCKET}/`)[1];
    if (oldKey) await deleteFile(oldKey).catch(() => {});
    const lessonFile = await prisma.lessonFile.update({
      where: { id: existing.id },
      data: { url, size: file.size },
    });
    return NextResponse.json(lessonFile);
  }

  const lessonFile = await prisma.lessonFile.create({
    data: { lessonId, name, url, size: file.size },
  });
  return NextResponse.json(lessonFile);
}

export async function PATCH(req: NextRequest) {
  if (!await requireAdmin()) {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  const { fileId, label } = await req.json();
  if (!fileId || typeof label !== "string") {
    return NextResponse.json({ error: "Missing fields" }, { status: 400 });
  }
  const updated = await prisma.lessonFile.update({
    where: { id: fileId },
    data: { name: label.trim() || undefined },
  });
  return NextResponse.json(updated);
}

export async function DELETE(req: NextRequest) {
  if (!await requireAdmin()) {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  const { fileId, url } = await req.json();
  if (url) {
    const key = (url as string).split(`/${process.env.S3_BUCKET}/`)[1];
    if (key) await deleteFile(key).catch(() => {});
  }
  await prisma.lessonFile.delete({ where: { id: fileId } });
  return NextResponse.json({ ok: true });
}