vfxreview/app/api/client/[token]/comment/route.ts

import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { slackNotifyNewFeedback } from "@/lib/slack";

/** Find or create a guest user for the client reviewer based on the session email */
async function getOrCreateClientUser(email: string, label?: string | null) {
  const existing = await db.user.findUnique({ where: { email } });
  if (existing) return existing;
  return db.user.create({
    data: {
      email,
      name: label ?? email.split("@")[0],
      role: "CLIENT",
      isActive: true,
    },
  });
}

async function validateToken(token: string) {
  const session = await db.reviewSession.findUnique({ where: { token } });
  if (!session || !session.isActive) return null;
  if (session.expiresAt && session.expiresAt < new Date()) return null;
  return session;
}

export async function POST(
  req: NextRequest,
  { params }: { params: Promise<{ token: string }> }
) {
  const { token } = await params;
  const session = await validateToken(token);
  if (!session) {
    return NextResponse.json({ error: "Invalid or expired review link" }, { status: 403 });
  }

  const body = await req.json();
  const { versionId, frameNumber, timestamp, text } = body;

  if (!versionId || frameNumber == null || timestamp == null || !text?.trim()) {
    return NextResponse.json({ error: "Missing required fields" }, { status: 400 });
  }

  // Ensure the version belongs to this project
  const version = await db.version.findUnique({
    where: { id: versionId },
    include: {
      shot: { select: { projectId: true, shotCode: true, project: { select: { slackWebhook: true } } } },
      task: { select: { projectId: true, title: true, project: { select: { slackWebhook: true } }, shot: { select: { shotCode: true } } } },
    },
  });
  const projectId = version?.shot?.projectId ?? version?.task?.projectId;
  if (!version || projectId !== session.projectId) {
    return NextResponse.json({ error: "Version not found" }, { status: 404 });
  }

  // Resolve commenter identity
  const email = session.email ?? `client+${token.slice(0, 8)}@review.external`;
  const user = await getOrCreateClientUser(email, session.label);

  const comment = await db.comment.create({
    data: {
      versionId,
      authorId: user.id,
      frameNumber,
      timestamp,
      text: text.trim(),
    },
    include: {
      author: { select: { id: true, name: true, image: true, email: true } },
      replies: true,
    },
  });

  // Slack notification
  const slackWebhook =
    version.shot?.project?.slackWebhook ?? version.task?.project?.slackWebhook ?? null;
  const shotCode =
    version.shot?.shotCode ?? version.task?.shot?.shotCode ?? version.task?.title ?? "Task";
  if (slackWebhook) {
    const appUrl = process.env.NEXT_PUBLIC_APP_URL ?? "http://localhost:3000";
    await slackNotifyNewFeedback(slackWebhook, {
      shotCode,
      frameNumber,
      authorName: user.name ?? user.email,
      commentText: text.trim(),
      reviewUrl: `${appUrl}/client/${token}/review/${versionId}`,
    });
  }

  return NextResponse.json({ comment }, { status: 201 });
}