import { NextResponse } from 'next/server';
import { requireUser } from '@/lib/session';

const ENGINE_URL    = process.env.ENGINE_URL    || 'http://127.0.0.1:3030';
const ENGINE_SECRET = process.env.ENGINE_SECRET || '';

function h(userId) {
  return { 'x-internal-secret': ENGINE_SECRET, 'x-user-id': String(userId) };
}

// PATCH /api/drafts/:id
export async function PATCH(req, { params }) {
  const user = await requireUser();
  if (!user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
  const body = await req.json();
  const res = await fetch(`${ENGINE_URL}/api/drafts/${params.id}`, {
    method: 'PATCH',
    headers: { ...h(user.id), 'Content-Type': 'application/json' },
    body: JSON.stringify(body),
  });
  return NextResponse.json(await res.json());
}

// DELETE /api/drafts/:id
export async function DELETE(req, { params }) {
  const user = await requireUser();
  if (!user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
  const res = await fetch(`${ENGINE_URL}/api/drafts/${params.id}`, { method: 'DELETE', headers: h(user.id) });
  return NextResponse.json(await res.json());
}