/**
 * API: Single Notification Endpoint
 * GET /api/notifications/:id - Get notification details
 * PATCH /api/notifications/:id - Update notification (mark as read)
 * DELETE /api/notifications/:id - Delete notification
 */

import type { NextApiRequest, NextApiResponse } from 'next';
import { getNotificationService } from '../../../lib/notifications';

export default async function handler(
  req: NextApiRequest,
  res: NextApiResponse
) {
  const { id } = req.query;
  const notificationId = id as string;

  if (!notificationId) {
    return res.status(400).json({ error: 'Notification ID required' });
  }

  const notificationService = getNotificationService();
  // In production, get userId from session/auth
  const userId = req.query.userId as string || req.body?.userId || 'demo-user';

  if (req.method === 'GET') {
    try {
      const notification = notificationService.getNotification(notificationId);

      if (!notification) {
        return res.status(404).json({
          success: false,
          error: 'Notification not found'
        });
      }

      // Check ownership
      if (notification.recipientId !== userId) {
        return res.status(403).json({
          success: false,
          error: 'Access denied'
        });
      }

      return res.status(200).json({
        success: true,
        data: notification
      });
    } catch (error: any) {
      return res.status(500).json({
        success: false,
        error: error.message
      });
    }
  }

  if (req.method === 'PATCH') {
    try {
      const { read } = req.body;

      if (read === true) {
        const success = notificationService.markAsRead(notificationId, userId);

        if (!success) {
          return res.status(404).json({
            success: false,
            error: 'Notification not found or access denied'
          });
        }
      }

      const notification = notificationService.getNotification(notificationId);

      return res.status(200).json({
        success: true,
        data: notification
      });
    } catch (error: any) {
      return res.status(500).json({
        success: false,
        error: error.message
      });
    }
  }

  if (req.method === 'DELETE') {
    try {
      const success = notificationService.delete(notificationId, userId);

      if (!success) {
        return res.status(404).json({
          success: false,
          error: 'Notification not found or access denied'
        });
      }

      return res.status(200).json({
        success: true,
        message: 'Notification deleted'
      });
    } catch (error: any) {
      return res.status(500).json({
        success: false,
        error: error.message
      });
    }
  }

  return res.status(405).json({ error: 'Method not allowed' });
}