yslootahrobotics/src/app/api/admin/sync-orders/route.ts

import { NextResponse } from 'next/server';
import { cookies } from 'next/headers';
import { jwtVerify } from 'jose';
import Stripe from 'stripe';
import { prisma } from '@/lib/prisma';

const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!, {
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
  apiVersion: '2026-03-25.dahlia' as any,
});

async function verifyAdmin() {
  const cookieStore = await cookies();
  const token = cookieStore.get('admin_token')?.value;
  if (!token) return false;
  const jwtSecret = process.env.ADMIN_JWT_SECRET;
  if (!jwtSecret) return false;
  try {
    await jwtVerify(token, new TextEncoder().encode(jwtSecret));
    return true;
  } catch {
    return false;
  }
}

// POST /api/admin/sync-orders/
// Fetches recent PaymentIntents from Stripe and upserts them into the DB
export async function POST() {
  if (!(await verifyAdmin())) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });

  try {
    const list = await stripe.paymentIntents.list({ limit: 100 });
    let synced = 0;

    for (const pi of list.data) {
      if (pi.status !== 'succeeded' && pi.status !== 'canceled') continue;
      const m = pi.metadata ?? {};
      const data = {
        amount: pi.amount,
        currency: pi.currency,
        status: pi.status,
        customerName: m.customerName ?? null,
        customerEmail: m.customerEmail ?? pi.receipt_email ?? null,
        customerPhone: m.customerPhone ?? null,
        customerAddress: m.customerAddress ?? null,
        customerCity: m.customerCity ?? null,
        customerCountry: m.customerCountry ?? null,
        customerPostalCode: m.customerPostalCode ?? null,
        persona: m.persona ?? null,
        color: m.color ?? null,
        priceItems: m.priceItems ?? null,
      };
      await prisma.order.upsert({
        where: { paymentIntentId: pi.id },
        create: { paymentIntentId: pi.id, ...data },
        update: data,
      });
      synced++;
    }

    return NextResponse.json({ synced });
  } catch (err) {
    const message = err instanceof Error ? err.message : 'Sync failed';
    return NextResponse.json({ error: message }, { status: 500 });
  }
}