/**
 * POST /api/workspaces/[slug]/apps/[uuid]/deploy
 *
 * Trigger a deploy on a Coolify app. Guard: app must belong to this
 * workspace's Coolify project before we forward the call.
 */

import { NextResponse } from 'next/server';
import { requireWorkspacePrincipal } from '@/lib/auth/workspace-auth';
import {
  deployApplication,
  getApplicationInProject,
  TenantError,
} from '@/lib/coolify';

export async function POST(
  request: Request,
  { params }: { params: Promise<{ slug: string; uuid: string }> }
) {
  const { slug, uuid } = await params;
  const principal = await requireWorkspacePrincipal(request, { targetSlug: slug });
  if (principal instanceof NextResponse) return principal;

  const ws = principal.workspace;
  if (!ws.coolify_project_uuid) {
    return NextResponse.json({ error: 'Workspace has no Coolify project yet' }, { status: 503 });
  }

  try {
    // Tenant check before any mutation.
    await getApplicationInProject(uuid, ws.coolify_project_uuid);
    const result = await deployApplication(uuid);
    return NextResponse.json({
      ok: true,
      deploymentUuid: result.deployment_uuid,
      appUuid: uuid,
    });
  } catch (err) {
    if (err instanceof TenantError) {
      return NextResponse.json({ error: err.message }, { status: 403 });
    }
    return NextResponse.json(
      { error: 'Deploy failed', details: err instanceof Error ? err.message : String(err) },
      { status: 502 }
    );
  }
}