import { NextRequest, NextResponse } from 'next/server';
import { getSession } from '@/lib/session';
import * as phpdb from '@/lib/phpdb';

export async function GET() {
  const session = await getSession();
  if (!session) return NextResponse.json({ error: 'Nicht angemeldet' }, { status: 401 });
  try {
    const rows = await phpdb.getObjekte();
    return NextResponse.json(rows);
  } catch (error) {
    console.error('GET /api/objekte:', error);
    return NextResponse.json({ error: 'Datenbankfehler' }, { status: 500 });
  }
}

export async function POST(req: NextRequest) {
  const session = await getSession();
  if (!session) return NextResponse.json({ error: 'Nicht angemeldet' }, { status: 401 });
  if (!session.role?.includes('admin')) return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 });
  try {
    const { name } = await req.json();
    const trimmed = (name as string)?.trim();
    if (!trimmed) return NextResponse.json({ error: 'Name darf nicht leer sein' }, { status: 400 });
    const result = await phpdb.createObjekt(trimmed);
    return NextResponse.json(result, { status: 201 });
  } catch (error) {
    console.error('POST /api/objekte:', error);
    return NextResponse.json({ error: 'Datenbankfehler' }, { status: 500 });
  }
}