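import { NextResponse } from "next/server";
import { auth } from "@/lib/auth";
import { listSnapshots, deleteSnapshot } from "@/lib/snapshots";

// Route segment config: always run these handlers per request instead of
// letting Next.js cache a response, since both depend on the caller's session.
export const dynamic = "force-dynamic";

/**
 * Extracts a printable message from a caught value.
 *
 * `catch` bindings are `unknown`; anything that is not an `Error` is
 * stringified so the JSON body always carries an `error` field.
 */
function errorMessage(e: unknown): string {
  return e instanceof Error ? e.message : String(e);
}

/**
 * Type guard for a snapshot directory name taken from a request body.
 *
 * Accepts only a non-empty string that is a single path segment: no `/` or
 * `\` separators, no `..` sequence, not the bare `.` segment, and no NUL
 * byte. The `typeof` check matters because the JSON body can carry arrays or
 * objects, whose `includes` (if present) does not perform substring matching,
 * so the character checks would not apply to the value that is eventually
 * turned into a path.
 */
function isSafeSnapshotName(value: unknown): value is string {
  if (typeof value !== "string" || value.length === 0) {
    return false;
  }
  if (value === "." || value.includes("..")) {
    return false;
  }
  return !/[/\\\0]/.test(value);
}

/**
 * Lists snapshots for an authenticated caller.
 *
 * @returns 200 with the result of `listSnapshots()`, 403 when there is no
 *   session, or 500 with the error message when listing throws.
 */
export async function GET() {
  const session = await auth();
  if (!session) {
    // Status kept at 403 (not 401) for compatibility with existing clients.
    return NextResponse.json({ error: "Unauthorized" }, { status: 403 });
  }

  try {
    return NextResponse.json(listSnapshots());
  } catch (e: unknown) {
    // NOTE(review): the raw error text is returned to the client; if
    // listSnapshots surfaces filesystem errors this can expose server paths.
    // Consider logging server-side and returning a generic message.
    return NextResponse.json({ error: errorMessage(e) }, { status: 500 });
  }
}

/**
 * Deletes the snapshot directory named by `dirName` in the JSON request body.
 *
 * @param req - Request whose JSON body is expected to be `{ dirName: string }`.
 * @returns 200 `{ ok: true }` on success; 403 without a session; 400 when the
 *   body is not valid JSON, `dirName` is missing, or `dirName` is not a safe
 *   single path segment; 500 with the error message when deletion throws.
 */
export async function DELETE(req: Request) {
  const session = await auth();
  if (!session) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 403 });
  }
  // NOTE(review): any authenticated session may delete any snapshot here;
  // confirm whether a role or ownership check is expected before deletion.

  // A malformed or empty body makes req.json() reject; answer 400 rather than
  // letting it escape as an unhandled 500.
  let body: unknown;
  try {
    body = await req.json();
  } catch {
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }

  // The body may legally be null, a number, an array, etc.; only read the
  // field from an actual object.
  const dirName: unknown =
    typeof body === "object" && body !== null
      ? (body as { dirName?: unknown }).dirName
      : undefined;

  if (!dirName) {
    return NextResponse.json({ error: "Missing dirName" }, { status: 400 });
  }

  // Prevent path traversal: the name must be a plain string naming exactly
  // one directory entry. This is a deny-list; lib/snapshots should still
  // resolve the final path and verify it stays under the snapshot root.
  if (!isSafeSnapshotName(dirName)) {
    return NextResponse.json({ error: "Invalid name" }, { status: 400 });
  }

  try {
    // NOTE(review): called without await, as before; if deleteSnapshot returns
    // a promise, failures would bypass this catch. Confirm it is synchronous.
    deleteSnapshot(dirName);
    return NextResponse.json({ ok: true });
  } catch (e: unknown) {
    return NextResponse.json({ error: errorMessage(e) }, { status: 500 });
  }
}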