calvana/pledge-now-pay-later/src/app/api/settings/route.ts

import { NextRequest, NextResponse } from "next/server"
import prisma from "@/lib/prisma"
import { getOrgId, requirePermission } from "@/lib/session"

export async function GET(request: NextRequest) {
  try {
    if (!prisma) return NextResponse.json({ error: "DB not configured" }, { status: 503 })
    const orgId = await getOrgId(request.headers.get("x-org-id"))
    if (!orgId) return NextResponse.json({ error: "Org not found" }, { status: 404 })

    const org = await prisma.organization.findUnique({ where: { id: orgId } })
    if (!org) return NextResponse.json({ error: "Org not found" }, { status: 404 })

    return NextResponse.json({
      id: org.id,
      name: org.name,
      slug: org.slug,
      country: org.country,
      bankName: org.bankName || "",
      bankSortCode: org.bankSortCode || "",
      bankAccountNo: org.bankAccountNo || "",
      bankAccountName: org.bankAccountName || "",
      refPrefix: org.refPrefix,
      logo: org.logo,
      primaryColor: org.primaryColor,
      gcAccessToken: org.gcAccessToken ? "••••••••" : "",
      gcEnvironment: org.gcEnvironment,
      stripeSecretKey: org.stripeSecretKey ? "••••••••" : "",
      stripeWebhookSecret: org.stripeWebhookSecret ? "••••••••" : "",
      orgType: org.orgType || "charity",
    })
  } catch (error) {
    console.error("Settings GET error:", error)
    return NextResponse.json({ error: "Internal error" }, { status: 500 })
  }
}

export async function PUT(request: NextRequest) {
  try {
    if (!prisma) return NextResponse.json({ error: "DB not configured" }, { status: 503 })
    const allowed = await requirePermission("settings.write")
    if (!allowed) return NextResponse.json({ error: "Admin access required" }, { status: 403 })

    const body = await request.json()

    // Try to find existing org first
    const orgId = await getOrgId(request.headers.get("x-org-id"))

    if (orgId) {
      // Update existing
      const allowed = ["name", "charityNumber", "bankName", "bankSortCode", "bankAccountNo", "bankAccountName", "refPrefix", "primaryColor", "logo"]
      const data: Record<string, string> = {}
      for (const key of allowed) {
        if (key in body && body[key] !== undefined) data[key] = body[key]
      }
      const org = await prisma.organization.update({ where: { id: orgId }, data })
      return NextResponse.json({ id: org.id, name: org.name, created: false })
    } else {
      // Create new org
      const slug = (body.name || "org").toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/(^-|-$)/g, "")
      const org = await prisma.organization.create({
        data: {
          name: body.name || "My Charity",
          slug: slug || "my-charity",
          country: "GB",
          bankName: body.bankName || "",
          bankSortCode: body.bankSortCode || "",
          bankAccountNo: body.bankAccountNo || "",
          bankAccountName: body.bankAccountName || body.name || "",
          refPrefix: slug.substring(0, 4).toUpperCase() || "PNPL",
        },
      })
      return NextResponse.json({ id: org.id, name: org.name, created: true })
    }
  } catch (error) {
    console.error("Settings PUT error:", error)
    return NextResponse.json({ error: "Internal error" }, { status: 500 })
  }
}

export async function PATCH(request: NextRequest) {
  try {
    if (!prisma) return NextResponse.json({ error: "DB not configured" }, { status: 503 })
    const allowed = await requirePermission("settings.write")
    if (!allowed) return NextResponse.json({ error: "Admin access required" }, { status: 403 })
    const orgId = await getOrgId(request.headers.get("x-org-id"))
    if (!orgId) return NextResponse.json({ error: "Org not found" }, { status: 404 })

    const body = await request.json()
    const stringKeys = ["name", "bankName", "bankSortCode", "bankAccountNo", "bankAccountName", "refPrefix", "primaryColor", "logo", "gcAccessToken", "gcEnvironment", "stripeSecretKey", "stripeWebhookSecret"]
    // eslint-disable-next-line @typescript-eslint/no-explicit-any
    const data: Record<string, any> = {}
    for (const key of stringKeys) {
      if (key in body && body[key] !== undefined && body[key] !== "••••••••") {
        data[key] = body[key]
      }
    }
    // (boolean fields can be added here as needed)

    const org = await prisma.organization.update({
      where: { id: orgId },
      data,
    })

    return NextResponse.json({ success: true, name: org.name })
  } catch (error) {
    console.error("Settings PATCH error:", error)
    return NextResponse.json({ error: "Internal error" }, { status: 500 })
  }
}