import { NextResponse } from 'next/server';
import { requireUser } from '@/lib/session';

const ENGINE_URL    = process.env.ENGINE_URL    || 'http://localhost:3030';
const ENGINE_SECRET = process.env.ENGINE_SECRET || '';

async function enginePost(path, userId, body) {
  const res = await fetch(`${ENGINE_URL}${path}`, {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'x-internal-secret': ENGINE_SECRET,
      'x-user-id': String(userId),
    },
    body: JSON.stringify(body),
  });
  return res.json();
}

export async function POST(req, { params }) {
  const user = await requireUser();
  if (!user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
  const body = await req.json().catch(() => ({}));
  const data = await enginePost(`/api/inbox/${params.id}/reply`, user.id, body);
  return NextResponse.json(data);
}