import { NextRequest, NextResponse } from "next/server";
import { auth } from "@/auth";
import { db } from "@/lib/db";

async function requireAdmin() {
  const session = await auth();
  if (!session?.user || (session.user as any).role !== "ADMIN") return null;
  return session;
}

export async function POST(
  req: NextRequest,
  { params }: { params: Promise<{ id: string }> }
) {
  if (!(await requireAdmin())) {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  const { id: courseId } = await params;
  const { titleFr, titleEn, titleEs, order } = await req.json();

  const module = await db.module.create({
    data: {
      courseId,
      titleFr: titleFr || "Module sans titre",
      titleEn: titleEn || titleFr || "Untitled Module",
      titleEs: titleEs || titleFr || "Módulo sin título",
      order: order ?? 0,
    },
  });

  return NextResponse.json(module);
}