import { NextResponse } from "next/server";

import { revalidatePublicAudit } from "@/lib/audits/public-audit-revalidation";
import { parsePublicAuditSlug } from "@/lib/audits/slugs";

export async function POST(request: Request) {
  const secret = process.env.PUBLIC_AUDIT_REVALIDATION_SECRET;
  const authorization = request.headers.get("authorization");

  if (!secret || authorization !== `Bearer ${secret}`) {
    return NextResponse.json({ ok: false, error: "Unauthorized" }, { status: 401 });
  }

  const body = (await request.json().catch(() => null)) as { slug?: unknown } | null;
  const normalizedSlug =
    typeof body?.slug === "string" ? parsePublicAuditSlug(body.slug) : null;

  if (!normalizedSlug) {
    return NextResponse.json({ ok: false, error: "Invalid slug" }, { status: 400 });
  }

  revalidatePublicAudit(normalizedSlug);

  return NextResponse.json({ ok: true });
}