import type { APIRoute } from "astro";
import { readFile } from "node:fs/promises";
import { join } from "node:path";

const MAPS_ROOT = join(process.env.REPO_ROOT ?? "/Users/ace/palacering", "palaces", "manglasabang", "palaceappsdata", "palacetravel", "maps");

export const GET: APIRoute = async ({ params }) => {
  const path = params.path;
  if (!path) return new Response("Not found", { status: 404 });

  const segments = path.split("/");
  // Prevent directory traversal
  if (segments.some(s => s === ".." || s === ".")) {
    return new Response("Forbidden", { status: 403 });
  }

  const fullPath = join(MAPS_ROOT, ...segments);

  // Only serve .json files
  if (!fullPath.endsWith(".json")) {
    return new Response("Not found", { status: 404 });
  }

  try {
    const content = await readFile(fullPath, "utf-8");
    return new Response(content, {
      headers: { "Content-Type": "application/json" },
    });
  } catch {
    return new Response("Not found", { status: 404 });
  }
};