import { Router } from 'express';
import { z } from 'zod';
import { pool } from '../db/connection.js';
import { requireAuth } from '../middleware/auth.js';

const router = Router();

router.post('/:dealId', requireAuth, async (req, res) => {
  const dealId = Number(req.params.dealId);
  const parsed = z.object({ revieweeId: z.number().int().positive(), rating: z.number().int().min(1).max(5), comment: z.string().max(2000).optional() }).safeParse(req.body);

  if (!parsed.success || Number.isNaN(dealId)) return res.status(400).json({ error: 'Invalid payload' });

  const now = new Date();
  const earliest = new Date(now.getTime() + 2 * 24 * 60 * 60 * 1000);
  const latest = new Date(now.getTime() + 14 * 24 * 60 * 60 * 1000);

  const { revieweeId, rating, comment } = parsed.data;

  const [result] = await pool.query(
    `INSERT INTO reviews (deal_id, reviewer_id, reviewee_id, rating, comment, earliest_prompt_at, latest_prompt_at)
     VALUES (?, ?, ?, ?, ?, ?, ?)`,
    [dealId, req.user.userId, revieweeId, rating, comment || null, earliest, latest]
  );

  res.status(201).json({ id: result.insertId });
});

export default router;