breakpilot-core/pitch-deck/app/api/financial-model/route.ts

import { NextRequest, NextResponse } from 'next/server'
import pool from '@/lib/db'
import { getSessionFromCookie, validateAdminSecret } from '@/lib/auth'

export const dynamic = 'force-dynamic'

function assembleScenarios(scenarioRows: Record<string, unknown>[], assumptionRows: Record<string, unknown>[]) {
  return scenarioRows.map(s => ({
    ...s,
    assumptions: assumptionRows
      .filter((a: Record<string, unknown>) => a.scenario_id === (s as Record<string, unknown>).id)
      .map((a: Record<string, unknown>) => ({
        ...a,
        value: typeof a.value === 'string' ? JSON.parse(a.value as string) : a.value,
      })),
  }))
}

// GET: Load all scenarios with their assumptions (version-aware)
export async function GET() {
  try {
    // Check if investor has an assigned version with FM data
    const session = await getSessionFromCookie()
    let versionId: string | null = null

    if (session) {
      const inv = await pool.query(
        `SELECT assigned_version_id FROM pitch_investors WHERE id = $1`,
        [session.sub],
      )
      versionId = inv.rows[0]?.assigned_version_id || null
    }

    if (versionId) {
      const [scenarioData, assumptionData] = await Promise.all([
        pool.query(`SELECT data FROM pitch_version_data WHERE version_id = $1 AND table_name = 'fm_scenarios'`, [versionId]),
        pool.query(`SELECT data FROM pitch_version_data WHERE version_id = $1 AND table_name = 'fm_assumptions'`, [versionId]),
      ])

      if (scenarioData.rows.length > 0) {
        const scenarios = typeof scenarioData.rows[0].data === 'string'
          ? JSON.parse(scenarioData.rows[0].data) : scenarioData.rows[0].data
        const assumptions = assumptionData.rows.length > 0
          ? (typeof assumptionData.rows[0].data === 'string'
              ? JSON.parse(assumptionData.rows[0].data) : assumptionData.rows[0].data)
          : []
        return NextResponse.json(assembleScenarios(scenarios, assumptions))
      }
    }

    // Fallback: base tables
    const client = await pool.connect()
    try {
      const scenarios = await client.query(
        'SELECT * FROM pitch_fm_scenarios ORDER BY is_default DESC, name'
      )
      const assumptions = await client.query(
        'SELECT * FROM pitch_fm_assumptions ORDER BY sort_order'
      )
      return NextResponse.json(assembleScenarios(scenarios.rows, assumptions.rows))
    } finally {
      client.release()
    }
  } catch (error) {
    console.error('Financial model load error:', error)
    return NextResponse.json({ error: 'Failed to load scenarios' }, { status: 500 })
  }
}

// POST: Create a new scenario — admin only
export async function POST(request: NextRequest) {
  if (!validateAdminSecret(request)) {
    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
  }
  try {
    const body = await request.json()
    const { name, description, color, copyFrom } = body

    if (!name) {
      return NextResponse.json({ error: 'Name is required' }, { status: 400 })
    }

    const client = await pool.connect()
    try {
      const scenario = await client.query(
        'INSERT INTO pitch_fm_scenarios (name, description, color) VALUES ($1, $2, $3) RETURNING *',
        [name, description || '', color || '#6366f1']
      )

      // If copyFrom is set, copy assumptions from another scenario
      if (copyFrom) {
        await client.query(`
          INSERT INTO pitch_fm_assumptions (scenario_id, key, label_de, label_en, value, value_type, unit, min_value, max_value, step_size, category, sort_order)
          SELECT $1, key, label_de, label_en, value, value_type, unit, min_value, max_value, step_size, category, sort_order
          FROM pitch_fm_assumptions WHERE scenario_id = $2
        `, [scenario.rows[0].id, copyFrom])
      }

      return NextResponse.json(scenario.rows[0])
    } finally {
      client.release()
    }
  } catch (error) {
    console.error('Create scenario error:', error)
    return NextResponse.json({ error: 'Failed to create scenario' }, { status: 500 })
  }
}