import { createClient } from '@supabase/supabase-js';
import { NextResponse } from 'next/server';

export async function POST(request: Request) {
  try {
    const body = await request.json();
    const { accountId, email, name } = body;

    if (!accountId || !email) {
      return NextResponse.json({ error: 'accountId und email sind erforderlich' }, { status: 400 });
    }

    // Validate email format
    if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
      return NextResponse.json({ error: 'Ungültige E-Mail-Adresse' }, { status: 400 });
    }

    const supabase = createClient(
      process.env.NEXT_PUBLIC_SUPABASE_URL!,
      process.env.SUPABASE_SERVICE_ROLE_KEY || process.env.NEXT_PUBLIC_SUPABASE_PUBLIC_KEY!,
    );

    const token = crypto.randomUUID();
    const { error } = await supabase.from('newsletter_subscriptions').upsert({
      account_id: accountId,
      email,
      name: name || null,
      confirmation_token: token,
      is_active: true,
    }, { onConflict: 'account_id,email' });

    if (error) {
      console.error('[newsletter] Subscription error:', error.message);
      return NextResponse.json({ error: 'Anmeldung fehlgeschlagen' }, { status: 500 });
    }

    return NextResponse.json({ success: true, message: 'Erfolgreich angemeldet' });
  } catch (err) {
    console.error('[newsletter] Error:', err);
    return NextResponse.json({ error: 'Serverfehler' }, { status: 500 });
  }
}