chronus/src/pages/api/invoices/[id]/items/delete.ts

import type { APIRoute } from "astro";
import { db } from "../../../../../db";
import { invoiceItems, invoices, members } from "../../../../../db/schema";
import { eq, and } from "drizzle-orm";
import { recalculateInvoiceTotals } from "../../../../../utils/invoice";

export const POST: APIRoute = async ({
  request,
  redirect,
  locals,
  params,
}) => {
  const user = locals.user;
  if (!user) {
    return redirect("/login");
  }

  const { id: invoiceId } = params;
  if (!invoiceId) {
    return new Response("Invoice ID required", { status: 400 });
  }

  const invoice = await db
    .select()
    .from(invoices)
    .where(eq(invoices.id, invoiceId))
    .get();

  if (!invoice) {
    return new Response("Invoice not found", { status: 404 });
  }

  const membership = await db
    .select()
    .from(members)
    .where(
      and(
        eq(members.userId, user.id),
        eq(members.organizationId, invoice.organizationId)
      )
    )
    .get();

  if (!membership) {
    return new Response("Unauthorized", { status: 401 });
  }

  if (invoice.status !== "draft") {
    return new Response("Cannot edit a finalized invoice", { status: 400 });
  }

  const formData = await request.formData();
  const itemId = formData.get("itemId") as string;

  if (!itemId) {
    return new Response("Item ID required", { status: 400 });
  }

  const item = await db
    .select()
    .from(invoiceItems)
    .where(and(eq(invoiceItems.id, itemId), eq(invoiceItems.invoiceId, invoiceId)))
    .get();

  if (!item) {
     return new Response("Item not found", { status: 404 });
  }

  try {
    await db.delete(invoiceItems).where(eq(invoiceItems.id, itemId));

    await recalculateInvoiceTotals(invoiceId);

    return redirect(`/dashboard/invoices/${invoiceId}`);
  } catch (error) {
    console.error("Error deleting invoice item:", error);
    return new Response("Internal Server Error", { status: 500 });
  }
};