vidreview/packages/api/src/routes/settings.ts

import { Router, Request, Response } from 'express';
import { prisma } from '../lib/prisma';
import { authMiddleware } from '../lib/auth';

const router = Router();
router.use(authMiddleware);

const SITE_SETTINGS_KEY = 'registration_enabled';

// GET /api/settings/registration — admin only
router.get('/registration', async (req: Request, res: Response) => {
  try {
    if (req.user!.globalRole !== 'ADMIN') {
      res.status(403).json({ error: 'Admin only' });
      return;
    }
    const setting = await prisma.siteSetting.findUnique({ where: { name: SITE_SETTINGS_KEY } });
    res.json({ enabled: setting?.value !== 'false' });
  } catch (err) {
    console.error('Get registration setting error:', err);
    res.status(500).json({ error: 'Internal server error' });
  }
});

// PUT /api/settings/registration — admin only
router.put('/registration', async (req: Request, res: Response) => {
  try {
    if (req.user!.globalRole !== 'ADMIN') {
      res.status(403).json({ error: 'Admin only' });
      return;
    }
    const { enabled } = req.body;
    if (typeof enabled !== 'boolean') {
      res.status(400).json({ error: 'enabled must be a boolean' });
      return;
    }
    await prisma.siteSetting.upsert({
      where: { name: SITE_SETTINGS_KEY },
      create: { name: SITE_SETTINGS_KEY, value: String(enabled) },
      update: { value: String(enabled) },
    });
    res.json({ enabled });
  } catch (err) {
    console.error('Update registration setting error:', err);
    res.status(500).json({ error: 'Internal server error' });
  }
});

export default router;