AeThex-OS/temp-forge-extract/aethex-forge-main/api/admin/platform/maintenance.ts

import type { VercelRequest, VercelResponse } from "@vercel/node";
import { createClient } from "@supabase/supabase-js";

const supabaseUrl = process.env.VITE_SUPABASE_URL || process.env.SUPABASE_URL || process.env.NEXT_PUBLIC_SUPABASE_URL || "";
const supabaseServiceRole = process.env.SUPABASE_SERVICE_ROLE || process.env.SUPABASE_SERVICE_ROLE_KEY || "";

let maintenanceModeCache: boolean | null = null;

const ADMIN_ROLES = ["admin", "super_admin", "staff", "owner"];

async function verifyAdmin(token: string, res?: VercelResponse): Promise<{ isAdmin: boolean; debug?: any }> {
  if (!supabaseUrl || !supabaseServiceRole) {
    return { 
      isAdmin: false, 
      debug: { 
        error: "Missing env vars",
        hasUrl: !!supabaseUrl,
        hasKey: !!supabaseServiceRole
      }
    };
  }
  
  const supabase = createClient(supabaseUrl, supabaseServiceRole);
  
  try {
    const { data: { user }, error } = await supabase.auth.getUser(token);
    if (error || !user) {
      return { isAdmin: false, debug: { error: "Auth failed", authError: error?.message } };
    }
    
    const { data: roles, error: rolesError } = await supabase
      .from("user_roles")
      .select("role")
      .eq("user_id", user.id);
    
    if (rolesError) {
      return { isAdmin: false, debug: { error: "Roles query failed", rolesError: rolesError.message } };
    }
    
    if (!roles || roles.length === 0) {
      return { isAdmin: false, debug: { error: "No roles found", userId: user.id } };
    }
    
    const hasAdminRole = roles.some(r => ADMIN_ROLES.includes(r.role?.toLowerCase()));
    return { 
      isAdmin: hasAdminRole, 
      debug: { 
        userId: user.id,
        roles: roles.map(r => r.role),
        hasAdminRole 
      }
    };
  } catch (e: any) {
    return { isAdmin: false, debug: { error: "Exception", message: e?.message } };
  }
}

export default async function handler(req: VercelRequest, res: VercelResponse) {
  res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
  
  const supabase = supabaseUrl && supabaseServiceRole 
    ? createClient(supabaseUrl, supabaseServiceRole)
    : null;

  if (req.method === "GET") {
    try {
      if (supabase) {
        const { data, error } = await supabase
          .from("platform_settings")
          .select("value")
          .eq("key", "maintenance_mode")
          .single();

        if (!error && data) {
          const isEnabled = data.value === true || data.value === "true";
          maintenanceModeCache = isEnabled;
          return res.json({ maintenance_mode: isEnabled });
        }
      }
      
      const envMaintenance = process.env.MAINTENANCE_MODE === "true";
      return res.json({ maintenance_mode: maintenanceModeCache ?? envMaintenance });
    } catch (e) {
      const envMaintenance = process.env.MAINTENANCE_MODE === "true";
      return res.json({ maintenance_mode: maintenanceModeCache ?? envMaintenance });
    }
  }

  if (req.method === "POST") {
    const authHeader = req.headers.authorization;
    const token = authHeader?.replace("Bearer ", "");

    if (!token) {
      return res.status(401).json({ error: "Unauthorized" });
    }

    const { isAdmin, debug } = await verifyAdmin(token);
    if (!isAdmin) {
      return res.status(403).json({ error: "Forbidden - Admin access required", debug });
    }

    const { maintenance_mode } = req.body;

    if (typeof maintenance_mode !== "boolean") {
      return res.status(400).json({ error: "maintenance_mode must be a boolean" });
    }

    try {
      if (supabase) {
        const { error } = await supabase
          .from("platform_settings")
          .upsert(
            { key: "maintenance_mode", value: maintenance_mode, updated_at: new Date().toISOString() },
            { onConflict: "key" }
          );

        if (error) {
          console.error("[Maintenance] DB error:", error);
        }
      }

      maintenanceModeCache = maintenance_mode;
      return res.json({ maintenance_mode, success: true });
    } catch (e) {
      maintenanceModeCache = maintenance_mode;
      return res.json({ maintenance_mode, success: true });
    }
  }

  return res.status(405).json({ error: "Method not allowed" });
}