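import { supabaseServiceRole } from '@/lib/supabase';
import type { APIRoute } from 'astro';

/**
 * Profile columns a caller is allowed to change through this route. Every other
 * key in the request body is dropped, so the client cannot write arbitrary
 * columns (in particular not `workos_user_id`, which scopes the update).
 */
const ALLOWED_FIELDS = [
  'callname',
  'birth_year',
  'biological_sex',
  'body_height_cm',
  'body_weight_kg',
  'health_conditions',
  'food_restrictions',
  'food_preferences',
] as const;

type AllowedField = (typeof ALLOWED_FIELDS)[number];

/** Headers shared by every JSON reply from this route. */
const JSON_HEADERS = { 'Content-Type': 'application/json' };

/**
 * Builds a JSON `Response` with the given status.
 *
 * @param status - HTTP status code.
 * @param body - Payload; every reply uses the `{ success, message? }` shape.
 */
function jsonResponse(status: number, body: { success: boolean; message?: string }): Response {
  return new Response(JSON.stringify(body), { status, headers: JSON_HEADERS });
}

/**
 * True for a non-null, non-array object. `updates` must have this shape;
 * the original `key in updates` check threw a TypeError (and so produced a
 * misleading 500) when the client sent a string or number instead.
 */
function isPlainObject(value: unknown): value is Record<string, unknown> {
  return typeof value === 'object' && value !== null && !Array.isArray(value);
}

/**
 * POST handler: partially updates the `profiles` row whose `workos_user_id`
 * matches `userId`, restricted to `ALLOWED_FIELDS`.
 *
 * Request body: `{ userId: string, updates: Record<string, unknown> }`.
 * Responses: 400 on a malformed body or when no allowed field is present,
 * 404 when no row matched, 500 on a database error or an unexpected
 * exception (including unparsable JSON), 503 when the service-role client
 * is not configured.
 *
 * SECURITY(review): `userId` comes from the request body and the update is
 * executed with the service-role client, which bypasses row-level security,
 * so any caller can modify any profile by supplying another user's WorkOS id.
 * The route must bind `userId` to the authenticated principal (derive it from
 * the session, or reject the request when it does not match). No session
 * helper is visible in this file, so that check is left as a TODO rather than
 * invented here.
 */
export const POST: APIRoute = async ({ request }) => {
  if (!supabaseServiceRole) {
    return jsonResponse(503, { success: false, message: 'Service unavailable' });
  }

  try {
    // `request.json()` yields `any`; treat it as unknown and narrow explicitly.
    const body: unknown = await request.json();
    const { userId, updates } = (body ?? {}) as { userId?: unknown; updates?: unknown };

    // TODO(review): compare `userId` against the authenticated session user
    // before this point; see the SECURITY note above.
    if (typeof userId !== 'string' || userId.length === 0 || !updates) {
      return jsonResponse(400, { success: false, message: 'User ID and updates required' });
    }

    if (!isPlainObject(updates)) {
      return jsonResponse(400, { success: false, message: 'Updates must be an object' });
    }

    // Allow-list copy: only own keys named in ALLOWED_FIELDS survive. Values
    // are passed through unchanged — per-column type/range validation is not
    // done here and is presumably left to database constraints; verify.
    const sanitizedUpdates: Partial<Record<AllowedField, unknown>> = {};
    for (const key of ALLOWED_FIELDS) {
      if (Object.prototype.hasOwnProperty.call(updates, key)) {
        sanitizedUpdates[key] = updates[key];
      }
    }

    if (Object.keys(sanitizedUpdates).length === 0) {
      return jsonResponse(400, { success: false, message: 'No valid fields to update' });
    }

    const { data, error } = await supabaseServiceRole
      .from('profiles')
      .update(sanitizedUpdates)
      .eq('workos_user_id', userId)
      .select();

    // Database errors are not echoed to the client; only a generic message is returned.
    if (error) {
      return jsonResponse(500, { success: false, message: 'Failed to update profile' });
    }

    // `.select()` returns the updated rows; an empty array means nothing matched.
    if (!data || data.length === 0) {
      return jsonResponse(404, { success: false, message: 'Profile not found' });
    }

    return jsonResponse(200, { success: true });
  } catch {
    // Covers invalid JSON bodies and any unexpected throw from the client library.
    return jsonResponse(500, { success: false, message: 'Internal server error' });
  }
};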