import type { NextApiRequest, NextApiResponse } from 'next'
import sqlite3 from 'sqlite3'
import path from 'path'

export default async function handler(
  req: NextApiRequest,
  res: NextApiResponse
) {
  if (req.method !== 'PATCH') {
    return res.status(405).json({ error: 'Method not allowed' })
  }

  const { id } = req.query
  const { status, risk_level, rejection_reason } = req.body

  if (!id || !status) {
    return res.status(400).json({ error: 'ID and status are required' })
  }

  const dbPath = path.join(process.cwd(), 'database', 'antihoax.db')
  const db = new sqlite3.Database(dbPath)

  try {
    await new Promise<void>((resolve, reject) => {
      const query = `
        UPDATE sources 
        SET status = ?, risk_level = ?, rejection_reason = ?, updated_at = CURRENT_TIMESTAMP
        WHERE id = ?
      `
      
      db.run(
        query,
        [status, risk_level || 0, rejection_reason || null, id],
        function(err) {
          if (err) reject(err)
          else resolve()
        }
      )
    })

    return res.status(200).json({ success: true })

  } catch (error) {
    console.error('Database error:', error)
    return res.status(500).json({ error: 'Internal server error' })
  } finally {
    db.close()
  }
}