import { createServerClient } from "@supabase/ssr";
import { cookies } from "next/headers";
import { NextResponse } from "next/server";
/**
 * Reports whether the caller behind `supabase` is a superuser.
 *
 * The user is resolved with `auth.getUser()`, then `is_superuser` is read
 * from that user's row in `members`. Every path that does not end in a row
 * with `is_superuser === true` yields `false`: no user, no row, or a failed
 * query (its `error` is not inspected, `data` is simply nullish).
 *
 * @param supabase - Server client bound to the caller's request cookies.
 * @returns `true` only when the member row explicitly flags a superuser.
 */
async function checkAdminAccess(supabase: ReturnType<typeof createServerClient>) {
  const userResult = await supabase.auth.getUser();
  const currentUser = userResult.data.user;
  if (!currentUser) {
    return false;
  }

  // NOTE(review): this read runs as the caller, so its result depends on the
  // row-level security policies on `members` — confirm that users cannot
  // update their own `is_superuser` column.
  const membership = await supabase
    .from("members")
    .select("is_superuser")
    .eq("user_id", currentUser.id)
    .single();

  // Strict comparison keeps truthy non-boolean values ("true", 1) from
  // being accepted as admin.
  return membership.data?.is_superuser === true;
}
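/**
 * GET handler: returns the 50 most recent `admin_audit_log` entries, newest
 * first, to callers that pass `checkAdminAccess`.
 *
 * Responses:
 * - 403 `{ ok: false, error: "Forbidden" }` when the caller is not a superuser.
 * - 500 `{ ok: false, error: "Failed to fetch activity" }` when the audit log
 *   query fails or an unexpected exception is thrown.
 * - 200 `{ ok: true, data: { activity } }` otherwise.
 *
 * Admin e-mail resolution is best-effort: an id that cannot be resolved is
 * reported as "Unknown" instead of failing the request.
 */
export async function GET() {
  const cookieStore = await cookies();
  const supabase = createServerClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL!,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
    {
      cookies: {
        getAll() {
          return cookieStore.getAll();
        },
        // No-op: cookies the client wants to set are discarded by this
        // handler. NOTE(review): presumably a refreshed session is persisted
        // elsewhere (e.g. middleware) — confirm.
        setAll() {},
      },
    }
  );

  // Authorization gate: nothing below runs for non-superusers.
  const isAdmin = await checkAdminAccess(supabase);
  if (!isAdmin) {
    return NextResponse.json({ ok: false, error: "Forbidden" }, { status: 403 });
  }

  try {
    // Get recent audit log entries.
    const { data: logs, error: logsError } = await supabase
      .from("admin_audit_log")
      .select("*")
      .order("created_at", { ascending: false })
      .limit(50);

    // Query failures come back in `error` rather than being thrown. Without
    // this check a failed read would be served as `ok: true` with an empty
    // list, and an audit view that silently shows "no activity" is
    // indistinguishable from a clean log.
    if (logsError) {
      console.error("admin activity: audit log query failed", logsError);
      return NextResponse.json(
        { ok: false, error: "Failed to fetch activity" },
        { status: 500 }
      );
    }

    // Get user emails for the logs.
    // NOTE(review): Supabase's auth.admin.* calls need a service-role key,
    // and this client is built with the anon key, so this call is expected
    // to return an error and every adminEmail to fall back to "Unknown" —
    // confirm. If a privileged client is introduced for this lookup, keep
    // it server-only.
    // NOTE(review): listUsers() is paginated, so admins outside the returned
    // page also resolve to "Unknown"; it also pulls user records unrelated
    // to these log rows.
    const { data: authData, error: usersError } = await supabase.auth.admin.listUsers();
    if (usersError) {
      // Best-effort lookup: record the failure server-side and carry on.
      console.error("admin activity: user lookup failed", usersError);
    }
    const userMap = new Map(authData?.users?.map((u) => [u.id, u.email]) ?? []);

    // Return an explicit allow-list of fields, not the raw rows.
    const activity = logs?.map((log) => ({
      id: log.id,
      action: log.action,
      resourceType: log.resource_type,
      resourceId: log.resource_id,
      createdAt: log.created_at,
      adminEmail: userMap.get(log.admin_user_id) ?? "Unknown",
    })) ?? [];

    return NextResponse.json({ ok: true, data: { activity } });
  } catch (error) {
    // Details stay in the server log; the client only gets a generic message.
    console.error("admin activity: unexpected failure", error);
    return NextResponse.json(
      { ok: false, error: "Failed to fetch activity" },
      { status: 500 }
    );
  }
}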