import { NextResponse } from "next/server";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth-options";
import { prisma } from "@/lib/prisma";

export async function POST(req: Request) {
  const session = await getServerSession(authOptions);
  if (!session?.user?.id) {
    return NextResponse.json({ error: "Nicht angemeldet." }, { status: 401 });
  }

  const body = (await req.json().catch(() => null)) as { courseSlug?: string } | null;
  const courseSlug = body?.courseSlug?.trim();
  if (!courseSlug) {
    return NextResponse.json({ error: "courseSlug fehlt." }, { status: 400 });
  }

  const course = await prisma.course.findFirst({
    where: { slug: courseSlug, published: true },
  });
  if (!course) {
    return NextResponse.json({ error: "Kurs nicht gefunden." }, { status: 404 });
  }

  if (course.priceCents > 0) {
    return NextResponse.json({ error: "payment_required" }, { status: 402 });
  }

  await prisma.enrollment.upsert({
    where: {
      userId_courseId: { userId: session.user.id, courseId: course.id },
    },
    update: {},
    create: { userId: session.user.id, courseId: course.id },
  });

  return NextResponse.json({ ok: true });
}