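import db from "@/lib/db";
import { NextResponse } from "next/server";
import { withReadAuth, withUserAuth } from "@/lib/middleware/auth";

// Columns a client may set when creating a contract, in the same order as the
// placeholders of the INSERT statement in createContractHandler.
const CONTRACT_INSERT_FIELDS = [
  "contract_number",
  "contract_name",
  "customer_contract_number",
  "customer",
  "investor",
  "date_signed",
  "finish_date",
];

/**
 * Tell whether a request value may be handed to the database as one bound parameter.
 *
 * Only strings, finite numbers and null are accepted. Arrays and objects are
 * rejected because some SQLite drivers read such arguments as a parameter list
 * instead of a single value; whether `db` does so is not visible in this file.
 *
 * @param {unknown} value - Field value taken from the parsed request body.
 * @returns {boolean} True when the value is a string, a finite number, or null.
 */
function isBindableScalar(value) {
  if (value === null || typeof value === "string") {
    return true;
  }
  return typeof value === "number" && Number.isFinite(value);
}

/**
 * GET handler: return every contract, ordered by contract number.
 *
 * The column list is explicit, so only the selected columns reach the client.
 *
 * @returns {Promise<NextResponse>} JSON array of contract rows.
 */
async function getContractsHandler() {
  const contracts = db
    .prepare(
      ` SELECT contract_id, contract_number, contract_name, customer_contract_number, customer, investor, date_signed, finish_date FROM contracts ORDER BY contract_number `
    )
    .all();

  return NextResponse.json(contracts);
}

/**
 * POST handler: insert a contract from the JSON request body and return the new row.
 *
 * The body is untrusted. It is rejected with HTTP 400 when it is not valid JSON,
 * is not a JSON object, or carries a field that is not a string, a finite number
 * or null. A missing field is stored as NULL; a NOT NULL constraint, if the table
 * has one, still surfaces as a database error exactly as before.
 *
 * @param {Request} req - Incoming request whose body holds the contract fields.
 * @returns {Promise<NextResponse>} The created contract row, or a 400 error object.
 */
async function createContractHandler(req) {
  let data;
  try {
    data = await req.json();
  } catch {
    // Malformed JSON is a client error, not an unhandled exception.
    return NextResponse.json(
      { error: "Request body must be valid JSON" },
      { status: 400 }
    );
  }

  // `null`, arrays and primitives are valid JSON but have no contract fields.
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    return NextResponse.json(
      { error: "Request body must be a JSON object" },
      { status: 400 }
    );
  }

  const values = [];
  for (const field of CONTRACT_INSERT_FIELDS) {
    const value = data[field] ?? null;
    if (!isBindableScalar(value)) {
      return NextResponse.json(
        { error: `Field "${field}" must be a string, a number or null` },
        { status: 400 }
      );
    }
    values.push(value);
  }

  // Values are bound as parameters, never concatenated into the SQL text.
  const result = db
    .prepare(
      ` INSERT INTO contracts ( contract_number, contract_name, customer_contract_number, customer, investor, date_signed, finish_date ) VALUES (?, ?, ?, ?, ?, ?, ?) `
    )
    .run(...values);

  // Return the newly created contract with its ID.
  // NOTE(review): SELECT * returns every column of the row, unlike the explicit
  // list in getContractsHandler; confirm that no column here should stay server-side.
  const contract = db
    .prepare("SELECT * FROM contracts WHERE contract_id = ?")
    .get(result.lastInsertRowid);

  return NextResponse.json(contract);
}

// Protected routes - require authentication.
// NOTE(review): what withReadAuth and withUserAuth actually enforce is defined in
// @/lib/middleware/auth; presumably the write route needs the stronger check - confirm.
export const GET = withReadAuth(getContractsHandler);
export const POST = withUserAuth(createContractHandler);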