livedash-node/app/api/platform/companies/route.ts

import { NextRequest, NextResponse } from "next/server";
import { getServerSession } from "next-auth";
import { platformAuthOptions } from "../../../../lib/platform-auth";
import { prisma } from "../../../../lib/prisma";
import { CompanyStatus } from "@prisma/client";

// GET /api/platform/companies - List all companies
export async function GET(request: NextRequest) {
  try {
    const session = await getServerSession(platformAuthOptions);

    if (!session?.user?.isPlatformUser) {
      return NextResponse.json({ error: "Platform access required" }, { status: 401 });
    }

    const { searchParams } = new URL(request.url);
    const status = searchParams.get("status") as CompanyStatus | null;
    const search = searchParams.get("search");
    const page = parseInt(searchParams.get("page") || "1");
    const limit = parseInt(searchParams.get("limit") || "20");
    const offset = (page - 1) * limit;

    const where: any = {};
    if (status) where.status = status;
    if (search) {
      where.name = {
        contains: search,
        mode: "insensitive",
      };
    }

    const [companies, total] = await Promise.all([
      prisma.company.findMany({
        where,
        include: {
          users: {
            select: { id: true, email: true, role: true, createdAt: true },
          },
          _count: {
            select: {
              sessions: true,
              imports: true,
              users: true,
            },
          },
        },
        orderBy: { createdAt: "desc" },
        skip: offset,
        take: limit,
      }),
      prisma.company.count({ where }),
    ]);

    return NextResponse.json({
      companies,
      pagination: {
        page,
        limit,
        total,
        pages: Math.ceil(total / limit),
      },
    });
  } catch (error) {
    console.error("Platform companies list error:", error);
    return NextResponse.json({ error: "Internal server error" }, { status: 500 });
  }
}

// POST /api/platform/companies - Create new company
export async function POST(request: NextRequest) {
  try {
    const session = await getServerSession(platformAuthOptions);

    if (!session?.user?.isPlatformUser || session.user.platformRole === "SUPPORT") {
      return NextResponse.json({ error: "Admin access required" }, { status: 403 });
    }

    const body = await request.json();
    const { 
      name, 
      csvUrl, 
      csvUsername, 
      csvPassword, 
      adminEmail,
      adminName,
      adminPassword,
      maxUsers = 10,
      status = "TRIAL" 
    } = body;

    if (!name || !csvUrl) {
      return NextResponse.json({ error: "Name and CSV URL required" }, { status: 400 });
    }

    if (!adminEmail || !adminName) {
      return NextResponse.json({ error: "Admin email and name required" }, { status: 400 });
    }

    // Generate password if not provided
    const finalAdminPassword = adminPassword || `Temp${Math.random().toString(36).slice(2, 8)}!`;

    // Hash the admin password
    const bcrypt = await import("bcryptjs");
    const hashedPassword = await bcrypt.hash(finalAdminPassword, 12);

    // Create company and admin user in a transaction
    const result = await prisma.$transaction(async (tx) => {
      // Create the company
      const company = await tx.company.create({
        data: {
          name,
          csvUrl,
          csvUsername: csvUsername || null,
          csvPassword: csvPassword || null,
          maxUsers,
          status,
        },
      });

      // Create the admin user
      const adminUser = await tx.user.create({
        data: {
          email: adminEmail,
          password: hashedPassword,
          name: adminName,
          role: "ADMIN",
          companyId: company.id,
          invitedBy: session.user.email || "platform",
          invitedAt: new Date(),
        },
      });

      return { company, adminUser, generatedPassword: adminPassword ? null : finalAdminPassword };
    });

    return NextResponse.json({ 
      company: result.company,
      adminUser: {
        email: result.adminUser.email,
        name: result.adminUser.name,
        role: result.adminUser.role,
      },
      generatedPassword: result.generatedPassword,
    }, { status: 201 });
  } catch (error) {
    console.error("Platform company creation error:", error);
    return NextResponse.json({ error: "Internal server error" }, { status: 500 });
  }
}