import { NextResponse } from 'next/server';
import { requireUser } from '@/lib/session';

const ENGINE_URL    = process.env.ENGINE_URL    || 'http://127.0.0.1:3030';
const ENGINE_SECRET = process.env.ENGINE_SECRET || '';

function eHeaders(userId) {
  return { 'x-internal-secret': ENGINE_SECRET, 'x-user-id': String(userId) };
}

// GET /api/drafts — все черновики пользователя
export async function GET(req) {
  const user = await requireUser();
  if (!user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
  const { searchParams } = new URL(req.url);
  const res = await fetch(`${ENGINE_URL}/api/drafts?${searchParams}`, { headers: eHeaders(user.id) });
  return NextResponse.json(await res.json());
}