import { NextResponse } from "next/server"
import { requireStaff } from "@/server/auth"
import { prisma } from "@/server/db"

export async function GET(req: Request) {
  try {
    await requireStaff()
  } catch (e: unknown) {
    const msg = e instanceof Error ? e.message : String(e ?? "")
    console.warn("admin/subaccounts/alerts/logs: unauthorized access attempt", msg)
    return NextResponse.json({ error: "UNAUTHORIZED" }, { status: 401 })
  }

  const url = new URL(req.url)
  const limit = Math.min(Number(url.searchParams.get("limit") ?? 50), 200)

  const logs = await prisma.alertEmailLog.findMany({
    orderBy: { sentAt: "desc" },
    take: limit,
  })

  return NextResponse.json({ logs })
}