import type { NextApiRequest, NextApiResponse } from 'next'
import { db, schema } from '../../../lib/db/connection'
import { eq, gte, desc, count, sql } from 'drizzle-orm'

interface RiskyDomain {
  domain: string
  source_count: number
  avg_risk_level: number
  max_risk_level: number
  categories: string[]
}

export default async function handler(
  req: NextApiRequest,
  res: NextApiResponse<RiskyDomain[] | { error: string }>
) {
  if (req.method !== 'GET') {
    return res.status(405).json({ error: 'Method not allowed' })
  }

  const { limit = '20' } = req.query

  try {
    const riskyDomainsResult = await db
      .select({
        domain: schema.sources.domain,
        sourceCount: count(),
        avgRiskLevel: sql<number>`AVG(${schema.sources.riskLevel})`,
        maxRiskLevel: sql<number>`MAX(${schema.sources.riskLevel})`,
        categories: sql<string>`string_agg(DISTINCT ${schema.categories.name}, ',')`
      })
      .from(schema.sources)
      .leftJoin(schema.sourceCategories, eq(schema.sources.id, schema.sourceCategories.sourceId))
      .leftJoin(schema.categories, eq(schema.sourceCategories.categoryId, schema.categories.id))
      .where(eq(schema.sources.status, 'verified'))
      .groupBy(schema.sources.domain)
      .having(gte(sql`AVG(${schema.sources.riskLevel})`, 3))
      .orderBy(desc(sql`AVG(${schema.sources.riskLevel})`), desc(count()))
      .limit(parseInt(limit as string))

    const riskyDomains: RiskyDomain[] = riskyDomainsResult.map(row => ({
      domain: row.domain,
      source_count: row.sourceCount,
      avg_risk_level: Math.round(row.avgRiskLevel * 10) / 10,
      max_risk_level: row.maxRiskLevel,
      categories: row.categories ? row.categories.split(',').filter(Boolean) : []
    }))

    return res.status(200).json(riskyDomains)

  } catch (error) {
    console.error('Database error:', error)
    return res.status(500).json({ error: 'Internal server error' })
  }
}