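import type { APIRoute } from 'astro';
import { db } from '../../../db';
import { users, members } from '../../../db/schema';
import { eq, and } from 'drizzle-orm';

/** Roles this endpoint may grant; 'owner' is deliberately not grantable here. */
const GRANTABLE_ROLES = ['member', 'admin'] as const;
type GrantableRole = (typeof GRANTABLE_ROLES)[number];

/** Membership roles that are allowed to add members to their organization. */
const INVITER_ROLES = ['owner', 'admin'] as const;

/**
 * Returns the named form field only when it was submitted as plain text.
 * File parts and missing fields both yield `undefined`, so a stray upload is
 * never stringified to "[object File]" and looked up as an email address.
 */
function textField(form: FormData, name: string): string | undefined {
  const value = form.get(name);
  return typeof value === 'string' ? value : undefined;
}

/** Type guard: is `role` one of the roles this endpoint is allowed to grant? */
function isGrantableRole(role: string): role is GrantableRole {
  return (GRANTABLE_ROLES as readonly string[]).includes(role);
}

/**
 * Form-POST handler that adds an existing account to the caller's organization.
 *
 * Flow: session check (401) → caller must hold an owner/admin membership (403)
 * → validate `email` and `role` fields (400) → invitee must already have an
 * account (404) → reject duplicates (400) → insert membership → redirect.
 *
 * NOTE(review): the caller's membership is resolved with a bare `.get()` keyed
 * only on `members.userId`. If one user can belong to several organizations,
 * the row returned is whichever the database yields first, and that row decides
 * both the authorization outcome and which organization the invitee joins.
 * Scope the lookup by organization if multi-org membership is possible —
 * confirm against the schema.
 */
export const POST: APIRoute = async ({ request, locals, redirect }) => {
  const user = locals.user;
  if (!user) {
    return new Response('Unauthorized', { status: 401 });
  }

  // Authorization: only owners/admins of an organization may add members.
  const inviterMembership = await db
    .select()
    .from(members)
    .where(eq(members.userId, user.id))
    .get();
  if (
    !inviterMembership ||
    !(INVITER_ROLES as readonly string[]).includes(inviterMembership.role)
  ) {
    // 403 (not 401): the caller is authenticated but lacks the required role,
    // so the body says so instead of repeating "Unauthorized".
    return new Response('Forbidden', { status: 403 });
  }

  // A non-form or malformed body makes formData() throw; report that as a
  // client error rather than letting it surface as a 500.
  let formData: FormData;
  try {
    formData = await request.formData();
  } catch {
    return new Response('Invalid form submission', { status: 400 });
  }

  const email = textField(formData, 'email');
  // `||` rather than `??` on purpose: an empty <select> value falls back to 'member'.
  const role = textField(formData, 'role') || 'member';

  if (!email) {
    return new Response('Email is required', { status: 400 });
  }
  // Whitelist the role before any further database access.
  if (!isGrantableRole(role)) {
    return new Response('Invalid role', { status: 400 });
  }

  // The invitee must already have an account. The email is matched exactly as
  // submitted (no trimming or case folding) — confirm how `users.email` is stored.
  const invitedUser = await db
    .select()
    .from(users)
    .where(eq(users.email, email))
    .get();
  if (!invitedUser) {
    // Reachable only by authenticated owners/admins, so the account-existence
    // signal in this response is limited to them.
    return new Response('User not found. They must create an account first.', { status: 404 });
  }

  const organizationId = inviterMembership.organizationId;

  // Duplicate check. This is check-then-insert, so two concurrent submissions
  // can both pass; a unique constraint on (userId, organizationId) in the
  // schema is the authoritative guard — confirm it exists.
  const existingMember = await db
    .select()
    .from(members)
    .where(and(eq(members.userId, invitedUser.id), eq(members.organizationId, organizationId)))
    .get();
  if (existingMember) {
    return new Response('User is already a member', { status: 400 });
  }

  await db.insert(members).values({
    userId: invitedUser.id,
    organizationId,
    role,
  });

  return redirect('/dashboard/team');
};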