import { NextResponse } from "next/server"
import { requireStaff } from "@/server/auth"
import { sendAlerts, sendTestAlert } from "@/server/alerts"

const DEFAULT_BOUNCE_MIN = 10
const DEFAULT_SPAM_MIN = 0.1
const DEFAULT_DAYS = 7

function toNumber(value: unknown, fallback: number) {
  const n = Number(value)
  return Number.isFinite(n) ? n : fallback
}

export async function POST(req: Request) {
  try {
    await requireStaff()
  } catch (e: unknown) {
    const msg = e instanceof Error ? e.message : String(e ?? "")
    console.warn("admin/subaccounts/alerts/send: unauthorized access attempt", msg)
    return NextResponse.json({ error: "UNAUTHORIZED" }, { status: 401 })
  }

  const body = await req.json().catch(() => ({}))
  const bounceMin = toNumber(body?.bounce_min, DEFAULT_BOUNCE_MIN)
  const spamMin = toNumber(body?.spam_min, DEFAULT_SPAM_MIN)
  const days = toNumber(body?.days, DEFAULT_DAYS)
  const mode = String(body?.mode ?? "bulk")
  const subaccountIds = Array.isArray(body?.subaccount_ids)
    ? body.subaccount_ids.map((v: unknown) => String(v ?? "").trim()).filter(Boolean)
    : undefined

  try {
    if (mode === "test") {
      const subaccountId = String(body?.subaccount_id ?? "").trim()
      if (!subaccountId) {
        return NextResponse.json({ error: "MISSING_SUBACCOUNT_ID" }, { status: 400 })
      }
      const overrideEmail = body?.email ? String(body.email).trim() : null
      const result = await sendTestAlert({ subaccountId, days, overrideEmail })
      return NextResponse.json({ ok: true, result })
    }

    const result = await sendAlerts({ bounceMin, spamMin, days, subaccountIds })
    return NextResponse.json({ ok: true, result })
  } catch (e: unknown) {
    const msg = e instanceof Error ? e.message : String(e ?? "")
    return NextResponse.json({ error: msg || "ALERTS_SEND_ERROR" }, { status: 500 })
  }
}