import { authenticateApiRequest } from '@/lib/api-auth'
import { prisma } from '@/lib/prisma'
import { z } from 'zod'

// Request-body contract: `title` is the only field a client may supply.
// Length is bounded to 1..500 characters.
// NOTE(review): min(1) counts characters, so a whitespace-only title passes;
// confirm whether that is intended.
const bodySchema = z.object({
  title: z.string().min(1, 'Titel is verplicht').max(500),
})

/**
 * Creates a todo for the authenticated caller.
 *
 * Flow: authenticate, parse JSON, validate against `bodySchema`, insert, respond.
 *
 * Security-relevant properties visible in this handler:
 * - Nothing is read from the body until `authenticateApiRequest` has succeeded.
 * - `user_id` comes from the authentication result, never from the request
 *   body, so a client cannot create a todo on behalf of another user.
 * - Only the validated `title` is passed to `prisma.todo.create`; other
 *   properties in the payload are not forwarded to the database.
 * - The response is an explicit projection (`id`, `title`, `created_at`)
 *   rather than the whole database row.
 *
 * NOTE(review): `request.json()` reads the body before the schema runs, and no
 * body-size or rate limit is visible here. Confirm one is enforced upstream.
 *
 * @param request Incoming HTTP request; expected to carry a JSON body.
 * @returns 201 with the created todo's `id`, `title` and `created_at`;
 *          400 with the flattened validation error when the body is not valid
 *          JSON or fails the schema; otherwise the error and status reported by
 *          `authenticateApiRequest`.
 */
export async function POST(request: Request) {
  const auth = await authenticateApiRequest(request)
  if ('error' in auth) {
    const { error, status } = auth
    return Response.json({ error }, { status })
  }

  // A body that is not valid JSON becomes null, which then fails schema
  // validation below and yields the same 400 path as any other bad input.
  const payload = await request.json().catch(() => null)

  const validation = bodySchema.safeParse(payload)
  if (!validation.success) {
    const details = validation.error.flatten()
    return Response.json({ error: details }, { status: 400 })
  }

  // Ownership is bound to the authenticated principal, not to client input.
  const created = await prisma.todo.create({
    data: {
      user_id: auth.userId,
      title: validation.data.title,
    },
  })

  // Return only the fields the client needs.
  const { id, title, created_at } = created
  return Response.json({ id, title, created_at }, { status: 201 })
}