import { NextResponse } from "next/server";
import { writeFile, mkdir } from "fs/promises";
import path from "path";
import { randomUUID } from "crypto";
import { requireAdmin, unauthorized } from "@/lib/admin-api";

export async function POST(req: Request) {
  const admin = await requireAdmin();
  if (!admin) return unauthorized();

  const form = await req.formData();
  const file = form.get("file") as File | null;
  if (!file?.size) {
    return NextResponse.json({ error: "Arquivo obrigatório" }, { status: 400 });
  }

  const buf = Buffer.from(await file.arrayBuffer());
  const ext = path.extname(file.name) || "";
  const name = `${randomUUID()}${ext}`;
  const dir = path.join(process.cwd(), "public", "uploads");
  await mkdir(dir, { recursive: true });
  const full = path.join(dir, name);
  await writeFile(full, buf);

  const url = `/api/uploads/${name}`;
  return NextResponse.json({ url, fileName: file.name, mimeType: file.type });
}