infohliadka/pages/api/admin/audit-logs.ts

import type { NextApiRequest, NextApiResponse } from "next"
import sqlite3 from "sqlite3"
import path from "path"

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  if (req.method !== "GET") return res.status(405).json({ error: "Method not allowed" })
  
  const { page = '1', limit = '50', action, resource_type, user_id } = req.query
  
  const dbPath = path.join(process.cwd(), "database", "antihoax.db")
  const db = new sqlite3.Database(dbPath)
  
  try {
    let whereConditions: string[] = []
    let params: any[] = []
    
    if (action) {
      whereConditions.push("a.action = ?")
      params.push(action)
    }
    
    if (resource_type) {
      whereConditions.push("a.resource_type = ?")
      params.push(resource_type)
    }
    
    if (user_id) {
      whereConditions.push("a.user_id = ?")
      params.push(parseInt(user_id as string))
    }
    
    const whereClause = whereConditions.length > 0 ? `WHERE ${whereConditions.join(' AND ')}` : ''
    const offset = (parseInt(page as string) - 1) * parseInt(limit as string)
    
    const query = `
      SELECT 
        a.*,
        u.email as user_email,
        COUNT(*) OVER() as total_count
      FROM audit_logs a
      LEFT JOIN users u ON a.user_id = u.id
      ${whereClause}
      ORDER BY a.created_at DESC
      LIMIT ? OFFSET ?
    `
    
    params.push(parseInt(limit as string), offset)
    
    const logs = await new Promise<any[]>((resolve, reject) => {
      db.all(query, params, (err, rows) => {
        if (err) reject(err)
        else resolve(rows)
      })
    })
    
    const total = logs.length > 0 ? logs[0].total_count : 0
    const totalPages = Math.ceil(total / parseInt(limit as string))
    
    res.json({
      logs: logs.map(log => ({
        id: log.id,
        user_id: log.user_id,
        user_email: log.user_email,
        action: log.action,
        resource_type: log.resource_type,
        resource_id: log.resource_id,
        details: log.details ? JSON.parse(log.details) : null,
        ip_address: log.ip_address,
        created_at: log.created_at
      })),
      pagination: {
        page: parseInt(page as string),
        limit: parseInt(limit as string),
        total,
        totalPages
      }
    })
    
  } catch (error) {
    console.error('Audit logs error:', error)
    res.status(500).json({ error: "Failed to fetch audit logs" })
  } finally {
    db.close()
  }
}