import { NextRequest, NextResponse } from 'next/server' import pool from '@/lib/db' import { getSessionFromCookie } from '@/lib/auth' export async function GET() { const session = await getSessionFromCookie() if (!session) { return NextResponse.json({ error: 'Not authenticated' }, { status: 401 }) } const { rows } = await pool.query( `SELECT id, scenario_id, assumptions, label, is_latest, created_at FROM pitch_investor_snapshots WHERE investor_id = $1 AND is_latest = true ORDER BY created_at DESC`, [session.sub] ) return NextResponse.json({ snapshots: rows }) } export async function POST(request: NextRequest) { const session = await getSessionFromCookie() if (!session) { return NextResponse.json({ error: 'Not authenticated' }, { status: 401 }) } const body = await request.json() const { scenario_id, assumptions, label } = body if (!scenario_id || !assumptions) { return NextResponse.json({ error: 'scenario_id and assumptions required' }, { status: 400 }) } // Mark previous latest as not latest await pool.query( `UPDATE pitch_investor_snapshots SET is_latest = false WHERE investor_id = $1 AND scenario_id = $2 AND is_latest = true`, [session.sub, scenario_id] ) // Insert new snapshot const { rows } = await pool.query( `INSERT INTO pitch_investor_snapshots (investor_id, scenario_id, assumptions, label, is_latest) VALUES ($1, $2, $3, $4, true) RETURNING id, created_at`, [session.sub, scenario_id, JSON.stringify(assumptions), label || null] ) return NextResponse.json({ snapshot: rows[0] }) } export async function DELETE(request: NextRequest) { const session = await getSessionFromCookie() if (!session) { return NextResponse.json({ error: 'Not authenticated' }, { status: 401 }) } const { searchParams } = new URL(request.url) const id = searchParams.get('id') if (!id) { return NextResponse.json({ error: 'Snapshot id required' }, { status: 400 }) } await pool.query( `DELETE FROM pitch_investor_snapshots WHERE id = $1 AND investor_id = $2`, [id, session.sub] ) return NextResponse.json({ success: true }) }