/**
 * Security API Proxy - Catch-all route
 * Proxies all /api/v1/security/* requests to backend
 */

import { NextRequest, NextResponse } from 'next/server'

const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8000'

export async function GET(
  request: NextRequest,
  { params }: { params: Promise<{ path: string[] }> }
) {
  const { path } = await params
  const pathStr = path.join('/')
  const searchParams = request.nextUrl.searchParams.toString()
  const url = `${BACKEND_URL}/api/v1/security/${pathStr}${searchParams ? `?${searchParams}` : ''}`

  try {
    const response = await fetch(url, {
      method: 'GET',
      headers: {
        'Content-Type': 'application/json',
      },
      signal: AbortSignal.timeout(30000)
    })

    if (!response.ok) {
      const errorText = await response.text()
      return NextResponse.json(
        { error: `Backend Error: ${response.status}`, details: errorText },
        { status: response.status }
      )
    }

    const data = await response.json()
    return NextResponse.json(data)
  } catch (error) {
    console.error('Security API proxy error:', error)
    return NextResponse.json(
      { error: 'Verbindung zum Backend fehlgeschlagen' },
      { status: 503 }
    )
  }
}

export async function POST(
  request: NextRequest,
  { params }: { params: Promise<{ path: string[] }> }
) {
  const { path } = await params
  const pathStr = path.join('/')
  const url = `${BACKEND_URL}/api/v1/security/${pathStr}`

  try {
    let body = null
    const contentType = request.headers.get('content-type')
    if (contentType?.includes('application/json')) {
      // Try to parse JSON body, but handle empty body gracefully
      try {
        const text = await request.text()
        if (text && text.trim()) {
          body = JSON.parse(text)
        }
      } catch {
        // Empty or invalid JSON body - continue without body
        body = null
      }
    }

    const response = await fetch(url, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
      },
      body: body ? JSON.stringify(body) : undefined,
      signal: AbortSignal.timeout(120000) // 2 min for scans
    })

    if (!response.ok) {
      const errorText = await response.text()
      return NextResponse.json(
        { error: `Backend Error: ${response.status}`, details: errorText },
        { status: response.status }
      )
    }

    const data = await response.json()
    return NextResponse.json(data)
  } catch (error) {
    console.error('Security API proxy error:', error)
    return NextResponse.json(
      { error: 'Verbindung zum Backend fehlgeschlagen' },
      { status: 503 }
    )
  }
}