import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { db } from "@/lib/db";

export const dynamic = "force-dynamic";

export async function POST(request: Request) {
  const session = await getServerSession(authOptions);
  if (!session?.user?.id) {
    return Response.json({ error: "Unauthorized" }, { status: 401 });
  }

  const body = await request.json();
  const gradeId = body?.gradeId as string | undefined;
  if (!gradeId) {
    return Response.json({ error: "Grade id required" }, { status: 400 });
  }

  const grade = await db.grade.findUnique({ where: { id: gradeId } });
  if (!grade) {
    return Response.json({ error: "Grade not found" }, { status: 404 });
  }

  const purchase = await db.purchase.create({
    data: {
      userId: session.user.id,
      gradeId: grade.id,
      amount: grade.price,
      status: "PENDING",
    },
  });

  return Response.json({
    id: purchase.id,
    status: purchase.status,
    message: "Mock purchase queued",
  });
}