import { FastifyInstance } from "fastify"
import { db } from "../db"
import { auditLog } from "../db/schema"
import { desc } from "drizzle-orm"

export default async function auditLogRoutes(fastify: FastifyInstance) {
  fastify.addHook("preHandler", async (request, reply) => {
    try {
      await request.jwtVerify()
    } catch (err) {
      return reply.code(401).send({ message: "Unauthorized" })
    }
  })

  const isAdmin = (request: any) => {
    return (request.user as { sub: string, role: string })?.role === "admin"
  }

  fastify.get("/", async (request, reply) => {
    if (!isAdmin(request)) {
      return reply.code(403).send({ message: "Forbidden: Admin role required" })
    }

    const logs = await db
      .select()
      .from(auditLog)
      .orderBy(desc(auditLog.createdAt))
      .limit(100)

    return logs
  })
}