payment-backoffice/app/api/dashboard/admin/[resource]/[id]/route.ts

import {
  AUTH_COOKIE_NAME,
  BE_BASE_URL,
  getAdminResourceCacheTag,
} from "@/app/services/constants";
import { NextRequest, NextResponse } from "next/server";
import { revalidateTag } from "next/cache";

const ALLOWED_RESOURCES = [
  "groups",
  "currencies",
  "permissions",
  "merchants",
  "sessions",
  "users",
];

export async function PUT(
  request: NextRequest,
  context: { params: Promise<{ resource: string; id: string }> }
) {
  try {
    const { resource, id } = await context.params;

    if (!ALLOWED_RESOURCES.includes(resource)) {
      return NextResponse.json(
        { message: `Resource '${resource}' is not allowed` },
        { status: 400 }
      );
    }

    const body = await request.json();

    const { cookies } = await import("next/headers");
    const cookieStore = await cookies();
    const token = cookieStore.get(AUTH_COOKIE_NAME)?.value;

    if (!token) {
      return NextResponse.json(
        { message: "Missing Authorization header" },
        { status: 401 }
      );
    }

    const response = await fetch(`${BE_BASE_URL}/api/v1/${resource}/${id}`, {
      method: "PUT",
      headers: {
        "Content-Type": "application/json",
        Authorization: `Bearer ${token}`,
      },
      body: JSON.stringify(body),
    });

    const data = await response.json();

    // Revalidate the cache for this resource after successful update
    if (response.ok) {
      revalidateTag(getAdminResourceCacheTag(resource));
    }

    return NextResponse.json(data, { status: response.status });
  } catch (err: unknown) {
    let resourceName = "resource";
    try {
      const { resource } = await context.params;
      resourceName = resource;
    } catch {
      // If we can't get resource, use default
    }
    console.error(`Proxy PUT /api/v1/${resourceName}/{id} error:`, err);
    const errorMessage =
      err instanceof Error ? err.message : "Unknown error occurred";
    return NextResponse.json(
      { message: "Internal server error", error: errorMessage },
      { status: 500 }
    );
  }
}

export async function DELETE(
  _request: Request,
  context: { params: Promise<{ resource: string; id: string }> }
) {
  try {
    const { resource, id } = await context.params;

    if (!ALLOWED_RESOURCES.includes(resource)) {
      return NextResponse.json(
        { message: `Resource '${resource}' is not allowed` },
        { status: 400 }
      );
    }

    const { cookies } = await import("next/headers");
    const cookieStore = await cookies();
    const token = cookieStore.get(AUTH_COOKIE_NAME)?.value;

    if (!token) {
      return NextResponse.json(
        { message: "Missing Authorization header" },
        { status: 401 }
      );
    }

    const response = await fetch(`${BE_BASE_URL}/api/v1/${resource}/${id}`, {
      method: "DELETE",
      headers: {
        Authorization: `Bearer ${token}`,
      },
    });

    let data: unknown = null;
    try {
      data = await response.json();
    } catch {
      data = { success: response.ok };
    }

    // Revalidate the cache for this resource after successful deletion
    if (response.ok) {
      revalidateTag(getAdminResourceCacheTag(resource));
    }

    return NextResponse.json(data ?? { success: response.ok }, {
      status: response.status,
    });
  } catch (err: unknown) {
    let resourceName = "resource";
    try {
      const { resource } = await context.params;
      resourceName = resource;
    } catch {
      // If we can't get resource, use default
    }
    console.error(`Proxy DELETE /api/v1/${resourceName}/{id} error:`, err);
    const errorMessage =
      err instanceof Error ? err.message : "Unknown error occurred";
    return NextResponse.json(
      { message: "Internal server error", error: errorMessage },
      { status: 500 }
    );
  }
}