import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getApiUser } from "@/lib/apiAuth";
export async function GET(req: NextRequest) {
  const { searchParams } = new URL(req.url);
  const position = searchParams.get("position");
  const countryId = searchParams.get("countryId");

  const players = await db.player.findMany({
    where: {
      ...(position ? { position: position as any } : {}),
      ...(countryId ? { countryId } : {}),
    },
    include: { country: true },
    orderBy: { totalPoints: "desc" },
  });

  return NextResponse.json(players);
}

export async function POST(req: NextRequest) {
  const apiUser = await getApiUser(req);
  if (!apiUser || apiUser.role !== "ADMIN") {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  const body = await req.json();
  const player = await db.player.create({
    data: {
      ...body,
      cardTier: body.cardTier ?? "BRONZE",
      isGoldenCardEligible: (body.cardTier ?? "BRONZE") === "GOLD",
    },
  });
  return NextResponse.json(player, { status: 201 });
}