breakpilot-compliance/admin-compliance/app/api/admin/consent/[[...path]]/route.ts

/**
 * Admin Consent API Proxy - Catch-all route
 * Proxies all /api/admin/consent/* requests to backend-compliance
 *
 * Maps: /api/admin/consent/<path> → backend-compliance:8002/api/compliance/legal-documents/<path>
 */

import { NextRequest, NextResponse } from 'next/server'

const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'

async function proxyRequest(
  request: NextRequest,
  pathSegments: string[] | undefined,
  method: string
) {
  const pathStr = pathSegments?.join('/') || ''
  const searchParams = request.nextUrl.searchParams.toString()
  const basePath = `${BACKEND_URL}/api/compliance/legal-documents`
  const url = pathStr
    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
    : `${basePath}${searchParams ? `?${searchParams}` : ''}`

  try {
    const headers: HeadersInit = {}
    const contentType = request.headers.get('Content-Type')
    if (contentType) headers['Content-Type'] = contentType

    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
    for (const name of headerNames) {
      const value = request.headers.get(name)
      if (value) {
        headers[name] = value
      }
    }

    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
    const clientUserId = request.headers.get('x-user-id')
    const clientTenantId = request.headers.get('x-tenant-id')
    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')

    const fetchOptions: RequestInit = {
      method,
      headers,
      signal: AbortSignal.timeout(60000),
    }

    if (method === 'POST' || method === 'PUT') {
      const isMultipart = contentType?.includes('multipart/form-data')
      if (isMultipart) {
        const buffer = await request.arrayBuffer()
        if (buffer.byteLength > 0) {
          fetchOptions.body = buffer
        }
      } else {
        const body = await request.text()
        if (body) {
          fetchOptions.body = body
        }
      }
    }

    const response = await fetch(url, fetchOptions)

    if (!response.ok) {
      const errorText = await response.text()
      let errorJson
      try {
        errorJson = JSON.parse(errorText)
      } catch {
        errorJson = { error: errorText }
      }
      return NextResponse.json(
        { error: `Backend Error: ${response.status}`, ...errorJson },
        { status: response.status }
      )
    }

    const data = await response.json()
    return NextResponse.json(data)
  } catch (error) {
    console.error('Admin Consent API proxy error:', error)
    return NextResponse.json(
      { error: 'Verbindung zum Compliance Backend fehlgeschlagen' },
      { status: 503 }
    )
  }
}

export async function GET(
  request: NextRequest,
  { params }: { params: Promise<{ path?: string[] }> }
) {
  const { path } = await params
  return proxyRequest(request, path, 'GET')
}

export async function POST(
  request: NextRequest,
  { params }: { params: Promise<{ path?: string[] }> }
) {
  const { path } = await params
  return proxyRequest(request, path, 'POST')
}

export async function PUT(
  request: NextRequest,
  { params }: { params: Promise<{ path?: string[] }> }
) {
  const { path } = await params
  return proxyRequest(request, path, 'PUT')
}

export async function DELETE(
  request: NextRequest,
  { params }: { params: Promise<{ path?: string[] }> }
) {
  const { path } = await params
  return proxyRequest(request, path, 'DELETE')
}