import { NextResponse } from 'next/server';
import { requireUser } from '@/lib/session';

const ENGINE_URL    = process.env.ENGINE_URL    || 'http://localhost:3030';
const ENGINE_SECRET = process.env.ENGINE_SECRET || '';

async function engineReq(path, opts = {}) {
  const { method = 'GET', body, userId } = opts;
  const headers = { 'x-internal-secret': ENGINE_SECRET };
  if (userId) headers['x-user-id'] = String(userId);
  if (body)   headers['Content-Type'] = 'application/json';
  const res = await fetch(`${ENGINE_URL}${path}`, {
    method, headers, body: body ? JSON.stringify(body) : undefined,
  });
  return res.json();
}

export async function GET(req, { params }) {
  const user = await requireUser();
  if (!user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
  const { searchParams } = new URL(req.url);
  const data = await engineReq(
    `/api/inbox/${params.channelId}?${searchParams.toString()}`,
    { userId: user.id }
  );
  return NextResponse.json(data);
}