import { NextRequest, NextResponse } from 'next/server'
import pool from '@/lib/db'
import { getSessionFromRequest } from '@/lib/session'

export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  const user = await getSessionFromRequest(req)
  if (!user) return NextResponse.json({ error: 'Não autorizado' }, { status: 401 })

  const { id } = await params
  const { user_id } = await req.json()

  // Verifica duplicata
  const [exists] = await pool.execute<any[]>(
    'SELECT id FROM ad_group_members WHERE group_id = ? AND user_id = ?',
    [id, user_id]
  )
  if (exists[0]) return NextResponse.json({ error: 'Usuário já é membro' }, { status: 409 })

  await pool.execute('INSERT INTO ad_group_members (group_id, user_id) VALUES (?, ?)', [id, user_id])

  const [groupRows] = await pool.execute<any[]>('SELECT tenant_id FROM ad_groups WHERE id = ?', [id])
  if (groupRows[0]) {
    await pool.execute(
      `INSERT INTO agent_tasks (tenant_id, type, payload, status) VALUES (?, 'add_group_member', ?, 'pending')`,
      [groupRows[0].tenant_id, JSON.stringify({ group_id: id, user_id })]
    )
  }

  return NextResponse.json({ ok: true })
}

export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  const user = await getSessionFromRequest(req)
  if (!user) return NextResponse.json({ error: 'Não autorizado' }, { status: 401 })

  const { id } = await params
  const { user_id } = await req.json()

  await pool.execute('DELETE FROM ad_group_members WHERE group_id = ? AND user_id = ?', [id, user_id])

  const [groupRows] = await pool.execute<any[]>('SELECT tenant_id FROM ad_groups WHERE id = ?', [id])
  if (groupRows[0]) {
    await pool.execute(
      `INSERT INTO agent_tasks (tenant_id, type, payload, status) VALUES (?, 'remove_group_member', ?, 'pending')`,
      [groupRows[0].tenant_id, JSON.stringify({ group_id: id, user_id })]
    )
  }

  return NextResponse.json({ ok: true })
}