breakpilot-compliance/admin-compliance/app/api/sdk/v1/compliance/[[...path]]/route.ts

/**
 * Compliance API Proxy - Catch-all route
 * Proxies all /api/sdk/v1/compliance/* requests to backend-compliance
 *
 * Backend routes: requirements, controls, evidence, risks, audit, ai
 * All under /api/compliance/ prefix on backend-compliance:8002
 */

import { NextRequest, NextResponse } from 'next/server'

const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'

async function proxyRequest(
  request: NextRequest,
  pathSegments: string[] | undefined,
  method: string
) {
  const pathStr = pathSegments?.join('/') || ''
  const searchParams = request.nextUrl.searchParams.toString()
  const basePath = `${BACKEND_URL}/api/compliance`
  const url = pathStr
    ? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
    : `${basePath}${searchParams ? `?${searchParams}` : ''}`

  try {
    const headers: HeadersInit = {
      'Content-Type': 'application/json',
    }

    const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
    for (const name of headerNames) {
      const value = request.headers.get(name)
      if (value) {
        headers[name] = value
      }
    }

    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
    const clientUserId = request.headers.get('x-user-id')
    const clientTenantId = request.headers.get('x-tenant-id')
    headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
    headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')

    const fetchOptions: RequestInit = {
      method,
      headers,
      signal: AbortSignal.timeout(60000),
    }

    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
      const body = await request.text()
      if (body) {
        fetchOptions.body = body
      }
    }

    const response = await fetch(url, fetchOptions)

    if (!response.ok) {
      const errorText = await response.text()
      let errorJson
      try {
        errorJson = JSON.parse(errorText)
      } catch {
        errorJson = { error: errorText }
      }
      return NextResponse.json(
        { error: `Backend Error: ${response.status}`, ...errorJson },
        { status: response.status }
      )
    }

    // Handle PDF/binary responses
    const contentType = response.headers.get('content-type') || ''
    if (contentType.includes('application/pdf') || contentType.includes('application/octet-stream')) {
      const blob = await response.blob()
      return new NextResponse(blob, {
        status: response.status,
        headers: {
          'Content-Type': contentType,
          'Content-Disposition': response.headers.get('content-disposition') || '',
        },
      })
    }

    const data = await response.json()
    return NextResponse.json(data)
  } catch (error) {
    console.error('Compliance API proxy error:', error)
    return NextResponse.json(
      { error: 'Verbindung zum Compliance Backend fehlgeschlagen' },
      { status: 503 }
    )
  }
}

export async function GET(
  request: NextRequest,
  { params }: { params: Promise<{ path?: string[] }> }
) {
  const { path } = await params
  return proxyRequest(request, path, 'GET')
}

export async function POST(
  request: NextRequest,
  { params }: { params: Promise<{ path?: string[] }> }
) {
  const { path } = await params
  return proxyRequest(request, path, 'POST')
}

export async function PUT(
  request: NextRequest,
  { params }: { params: Promise<{ path?: string[] }> }
) {
  const { path } = await params
  return proxyRequest(request, path, 'PUT')
}

export async function PATCH(
  request: NextRequest,
  { params }: { params: Promise<{ path?: string[] }> }
) {
  const { path } = await params
  return proxyRequest(request, path, 'PATCH')
}

export async function DELETE(
  request: NextRequest,
  { params }: { params: Promise<{ path?: string[] }> }
) {
  const { path } = await params
  return proxyRequest(request, path, 'DELETE')
}