cre-sync/app/api/v1/admin/settings/route.ts

import { NextRequest, NextResponse } from 'next/server';
import { z } from 'zod';
import { getSession, isSuperAdmin } from '@/lib/auth';
import { settingsService } from '@/lib/settings';
import { Role } from '@/types';

export async function GET(request: NextRequest) {
  const session = await getSession();
  if (!session || !isSuperAdmin(session.user.role as Role)) {
    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
  }

  try {
    const settings = await settingsService.getAllMasked();
    return NextResponse.json({ settings });
  } catch (error) {
    return NextResponse.json({ error: 'Failed to fetch settings' }, { status: 500 });
  }
}

const updateSettingsSchema = z.object({
  ghlAgencyApiKey: z.string().optional(),
  ghlAgencyId: z.string().optional(),
  ghlPrivateToken: z.string().optional(),
  ghlOwnerLocationId: z.string().optional(),
  ghlWebhookSecret: z.string().optional(),
  tagHighGCI: z.string().optional(),
  tagOnboardingComplete: z.string().optional(),
  tagDFYRequested: z.string().optional(),
  stripeSecretKey: z.string().optional(),
  stripeWebhookSecret: z.string().optional(),
  clickupApiKey: z.string().optional(),
  clickupListId: z.string().optional(),
  dfyPriceFullSetup: z.string().optional(),
  dfyPriceSmsSetup: z.string().optional(),
  dfyPriceEmailSetup: z.string().optional(),
  calendlyCoachingLink: z.string().optional(),
  calendlyTeamLink: z.string().optional(),
  notificationEmail: z.string().email().optional(),
  // AI Configuration
  claudeApiKey: z.string().optional(),
  openaiApiKey: z.string().optional(),
  mcpServerUrl: z.string().optional(),
});

export async function PUT(request: NextRequest) {
  const session = await getSession();
  if (!session || !isSuperAdmin(session.user.role as Role)) {
    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
  }

  try {
    const body = await request.json();
    const validated = updateSettingsSchema.parse(body);

    // Filter out empty strings
    const filteredSettings = Object.fromEntries(
      Object.entries(validated).filter(([_, v]) => v !== '' && v !== undefined)
    );

    await settingsService.setMany(filteredSettings, session.user.id);

    return NextResponse.json({ success: true });
  } catch (error) {
    if (error instanceof z.ZodError) {
      return NextResponse.json({ error: 'Validation failed', details: error.issues }, { status: 400 });
    }
    return NextResponse.json({ error: 'Failed to update settings' }, { status: 500 });
  }
}