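/**
 * Compliance Regulations API Route - Proxy to Backend
 *
 * Returns all 21 regulations with source URLs to original documents
 * Includes: GDPR, ePrivacy, TDDDG, SCC, DPF, AI Act, CRA, NIS2, EU CSA,
 * Data Act, DGA, DSA, EAA, DSM, PLD, GPSR, BSI-TR-03161 (1-3), BSI C5, DORA
 *
 * Security notes (review):
 * - The upstream URL is built only from BACKEND_URL (server-side env); nothing
 *   from the incoming request is interpolated into it, so there is no SSRF
 *   surface in this handler.
 * - Upstream error bodies are logged server-side and are NOT echoed back to
 *   the client: the backend's error text may carry internal hostnames, stack
 *   traces or framework details that must not reach the browser.
 * - Every failure other than a clean 2xx (timeout abort, DNS/connect error,
 *   non-JSON body, and an upstream 404) silently degrades to the static seed
 *   list below with HTTP 200. Such responses carry the header
 *   `X-Regulations-Source: static` so a masked backend outage is visible to
 *   monitoring instead of looking like healthy live data.
 * - The successful upstream payload is forwarded unvalidated; the backend is
 *   treated as a trusted internal service here.
 */
import { NextRequest, NextResponse } from 'next/server'

/** Upstream API base. `||` (not `??`) on purpose: an empty env var also falls back to localhost. */
const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8000'

/** Upstream timeout in ms; bounded so a hung backend cannot pin this handler indefinitely. */
const UPSTREAM_TIMEOUT_MS = 30000

/** One regulation record as served by the backend and by the seed data below. */
interface Regulation {
  id: string
  code: string
  name: string
  full_name: string
  regulation_type: 'eu_regulation' | 'eu_directive' | 'de_law' | 'bsi_standard'
  source_url: string
  description: string
  is_active: boolean
  requirement_count: number
}

/**
 * Builds the seed-data response used whenever the backend is unavailable.
 * The `X-Regulations-Source` header lets callers and monitoring distinguish
 * fallback data from a live backend answer (the body shape is identical).
 */
function staticFallbackResponse(): NextResponse {
  return NextResponse.json(
    { regulations: getStaticRegulations() },
    { headers: { 'X-Regulations-Source': 'static' } }
  )
}

/**
 * GET /api/compliance/regulations — proxies to the backend and falls back to
 * the static seed list when the backend is missing or unreachable.
 *
 * @param request incoming request; currently unused (no query/body is forwarded upstream)
 * @returns `{ regulations: Regulation[] }` on success or fallback; on a non-404
 *          upstream error, `{ error, details }` with the upstream status code.
 */
export async function GET(request: NextRequest): Promise<NextResponse> {
  try {
    const response = await fetch(`${BACKEND_URL}/api/v1/compliance/regulations`, {
      method: 'GET',
      headers: {
        'Content-Type': 'application/json',
      },
      signal: AbortSignal.timeout(UPSTREAM_TIMEOUT_MS),
    })

    if (!response.ok) {
      // Backend doesn't expose this endpoint yet -> serve seed data.
      if (response.status === 404) {
        return staticFallbackResponse()
      }

      // Keep the upstream body for operators, but do not forward it to the
      // client (it may contain internal details). Status code is passed through.
      const errorText = await response.text()
      console.error('Regulations proxy upstream error:', response.status, errorText)
      return NextResponse.json(
        {
          error: `Backend Error: ${response.status}`,
          details: 'Upstream error body withheld; see server logs',
        },
        { status: response.status }
      )
    }

    // Forwarded as-is; the backend is trusted to return { regulations: [...] }.
    const data: unknown = await response.json()
    return NextResponse.json(data)
  } catch (error: unknown) {
    // Reached on network errors, the timeout abort, or a non-JSON upstream body.
    console.error('Regulations proxy error:', error)
    return staticFallbackResponse()
  }
}

/**
 * Static seed data with source URLs — intended to match regulations.py on
 * the backend. Served with HTTP 200 whenever the backend cannot be reached,
 * so keep it in sync or the fallback will silently serve stale entries.
 */
function getStaticRegulations(): Regulation[] {
  return [
    {
      id: '1',
      code: 'GDPR',
      name: 'DSGVO',
      full_name: 'Verordnung (EU) 2016/679 - Datenschutz-Grundverordnung',
      regulation_type: 'eu_regulation',
      source_url: 'https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng',
      description: 'Grundverordnung zum Schutz natuerlicher Personen bei der Verarbeitung personenbezogener Daten.',
      is_active: true,
      requirement_count: 99,
    },
    {
      id: '2',
      code: 'EPRIVACY',
      name: 'ePrivacy-Richtlinie',
      full_name: 'Richtlinie 2002/58/EG',
      regulation_type: 'eu_directive',
      source_url: 'https://eur-lex.europa.eu/eli/dir/2002/58/oj/eng',
      description: 'Datenschutz in der elektronischen Kommunikation, Cookies und Tracking.',
      is_active: true,
      requirement_count: 25,
    },
    {
      id: '3',
      code: 'TDDDG',
      name: 'TDDDG',
      full_name: 'Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz',
      regulation_type: 'de_law',
      // NOTE(review): the path still uses the pre-rename "ttdsg" slug while the
      // record is labelled TDDDG — confirm the link still resolves.
      source_url: 'https://www.gesetze-im-internet.de/ttdsg/',
      description: 'Deutsche Umsetzung der ePrivacy-Richtlinie.',
      is_active: true,
      requirement_count: 15,
    },
    {
      id: '4',
      code: 'SCC',
      name: 'Standardvertragsklauseln',
      full_name: 'Durchfuehrungsbeschluss (EU) 2021/914',
      regulation_type: 'eu_regulation',
      source_url: 'https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj/eng',
      description: 'Standardvertragsklauseln fuer Drittlandtransfers.',
      is_active: true,
      requirement_count: 18,
    },
    {
      id: '5',
      code: 'DPF',
      name: 'EU-US Data Privacy Framework',
      full_name: 'Durchfuehrungsbeschluss (EU) 2023/1795',
      regulation_type: 'eu_regulation',
      source_url: 'https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj',
      description: 'Angemessenheitsbeschluss fuer USA-Transfers.',
      is_active: true,
      requirement_count: 12,
    },
    {
      id: '6',
      code: 'AIACT',
      name: 'EU AI Act',
      full_name: 'Verordnung (EU) 2024/1689 - KI-Verordnung',
      regulation_type: 'eu_regulation',
      source_url: 'https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng',
      description: 'EU-Verordnung zur Regulierung von KI-Systemen nach Risikostufen.',
      is_active: true,
      requirement_count: 85,
    },
    {
      id: '7',
      code: 'CRA',
      name: 'Cyber Resilience Act',
      full_name: 'Verordnung (EU) 2024/2847',
      regulation_type: 'eu_regulation',
      source_url: 'https://eur-lex.europa.eu/eli/reg/2024/2847/oj/eng',
      description: 'Cybersicherheitsanforderungen, SBOM-Pflicht.',
      is_active: true,
      requirement_count: 45,
    },
    {
      id: '8',
      code: 'NIS2',
      name: 'NIS2-Richtlinie',
      full_name: 'Richtlinie (EU) 2022/2555',
      regulation_type: 'eu_directive',
      source_url: 'https://eur-lex.europa.eu/eli/dir/2022/2555/oj/eng',
      description: 'Cybersicherheit fuer wesentliche Einrichtungen.',
      is_active: true,
      requirement_count: 46,
    },
    {
      id: '9',
      code: 'EUCSA',
      name: 'EU Cybersecurity Act',
      full_name: 'Verordnung (EU) 2019/881',
      regulation_type: 'eu_regulation',
      source_url: 'https://eur-lex.europa.eu/eli/reg/2019/881/oj/eng',
      description: 'ENISA und Cybersicherheitszertifizierung.',
      is_active: true,
      requirement_count: 35,
    },
    {
      id: '10',
      code: 'DATAACT',
      name: 'Data Act',
      full_name: 'Verordnung (EU) 2023/2854',
      regulation_type: 'eu_regulation',
      source_url: 'https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng',
      description: 'Fairer Datenzugang, IoT-Daten, Cloud-Wechsel.',
      is_active: true,
      requirement_count: 42,
    },
    {
      id: '11',
      code: 'DGA',
      name: 'Data Governance Act',
      full_name: 'Verordnung (EU) 2022/868',
      regulation_type: 'eu_regulation',
      source_url: 'https://eur-lex.europa.eu/eli/reg/2022/868/oj/eng',
      description: 'Weiterverwendung oeffentlicher Daten.',
      is_active: true,
      requirement_count: 35,
    },
    {
      id: '12',
      code: 'DSA',
      name: 'Digital Services Act',
      full_name: 'Verordnung (EU) 2022/2065',
      regulation_type: 'eu_regulation',
      source_url: 'https://eur-lex.europa.eu/eli/reg/2022/2065/oj/eng',
      description: 'Digitale Dienste, Transparenzpflichten.',
      is_active: true,
      requirement_count: 93,
    },
    {
      id: '13',
      code: 'EAA',
      name: 'European Accessibility Act',
      full_name: 'Richtlinie (EU) 2019/882',
      regulation_type: 'eu_directive',
      source_url: 'https://eur-lex.europa.eu/eli/dir/2019/882/oj/eng',
      description: 'Barrierefreiheit digitaler Produkte.',
      is_active: true,
      requirement_count: 25,
    },
    {
      id: '14',
      code: 'DSM',
      name: 'DSM-Urheberrechtsrichtlinie',
      full_name: 'Richtlinie (EU) 2019/790',
      regulation_type: 'eu_directive',
      source_url: 'https://eur-lex.europa.eu/eli/dir/2019/790/oj/eng',
      description: 'Urheberrecht, Text- und Data-Mining.',
      is_active: true,
      requirement_count: 22,
    },
    {
      id: '15',
      code: 'PLD',
      name: 'Produkthaftungsrichtlinie',
      full_name: 'Richtlinie (EU) 2024/2853',
      regulation_type: 'eu_directive',
      source_url: 'https://eur-lex.europa.eu/eli/dir/2024/2853/oj/eng',
      description: 'Produkthaftung inkl. Software und KI.',
      is_active: true,
      requirement_count: 18,
    },
    {
      id: '16',
      code: 'GPSR',
      name: 'General Product Safety',
      full_name: 'Verordnung (EU) 2023/988',
      regulation_type: 'eu_regulation',
      source_url: 'https://eur-lex.europa.eu/eli/reg/2023/988/oj/eng',
      description: 'Allgemeine Produktsicherheit.',
      is_active: true,
      requirement_count: 30,
    },
    {
      id: '17',
      code: 'BSI-TR-03161-1',
      name: 'BSI-TR-03161 Teil 1',
      full_name: 'BSI Technische Richtlinie - Allgemeine Anforderungen',
      regulation_type: 'bsi_standard',
      source_url: 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03161/BSI-TR-03161-1.html',
      description: 'Allgemeine Sicherheitsanforderungen (45 Pruefaspekte).',
      is_active: true,
      requirement_count: 45,
    },
    {
      id: '18',
      code: 'BSI-TR-03161-2',
      name: 'BSI-TR-03161 Teil 2',
      full_name: 'BSI Technische Richtlinie - Web-Anwendungen',
      regulation_type: 'bsi_standard',
      source_url: 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03161/BSI-TR-03161-2.html',
      description: 'Web-Sicherheit (40 Pruefaspekte).',
      is_active: true,
      requirement_count: 40,
    },
    {
      id: '19',
      code: 'BSI-TR-03161-3',
      name: 'BSI-TR-03161 Teil 3',
      full_name: 'BSI Technische Richtlinie - Hintergrundsysteme',
      regulation_type: 'bsi_standard',
      source_url: 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03161/BSI-TR-03161-3.html',
      description: 'Backend-Sicherheit (35 Pruefaspekte).',
      is_active: true,
      requirement_count: 35,
    },
    {
      id: '20',
      code: 'BSI-C5',
      name: 'BSI C5',
      full_name: 'Cloud Computing Compliance Criteria Catalogue',
      regulation_type: 'bsi_standard',
      source_url: 'https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/kriterienkatalog-c5_node.html',
      // NOTE(review): the text says "17 Bereichen" but enumerates 15 area codes —
      // verify the list against regulations.py / the current C5 catalogue.
      description: 'Deutscher Cloud-Sicherheitsstandard mit 121 Kriterien in 17 Bereichen (OIS, SP, HR, AM, PS, OPS, COS, IDM, CRY, SIM, BCM, COM, SA, SUA, PI).',
      is_active: true,
      requirement_count: 121,
    },
    {
      id: '21',
      code: 'DORA',
      name: 'DORA',
      full_name: 'Verordnung (EU) 2022/2554 - Digital Operational Resilience Act',
      regulation_type: 'eu_regulation',
      source_url: 'https://eur-lex.europa.eu/eli/reg/2022/2554/oj/deu',
      description: 'EU-Verordnung fuer digitale operationale Resilienz im Finanzsektor. IKT-Risikomanagement, Incident-Reporting, Resilienztests, Drittparteienrisiko.',
      is_active: true,
      requirement_count: 64,
    },
  ]
}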