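import { NextRequest, NextResponse } from 'next/server'
import { prisma } from '@/lib/db'
import { getSession } from '@/lib/auth'
import { sendEmail, getSmtpConfig } from '@/lib/email'
import { z } from 'zod'

/** Body accepted by POST: the target plan plus an optional free-text note (max 1000 chars). */
const upgradeSchema = z.object({
  requestedPlan: z.enum(['PRO']),
  message: z.string().max(1000).optional(),
})

/** Display names for plan identifiers, used in e-mail subjects and bodies. */
const planLabels: Record<string, string> = {
  FREE: 'Free',
  PRO: 'Pro',
}

/** Relative rank of each plan; a request is only valid if it raises the rank. */
const planOrder: Record<string, number> = {
  FREE: 0,
  PRO: 1,
}

/**
 * Escapes the five HTML-significant characters so that stored or user-supplied
 * text cannot introduce markup into an e-mail body.
 */
function escapeHtml(value: unknown): string {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
}

/** Collapses CR/LF so a stored value cannot break out of the subject header line. */
function singleLine(value: unknown): string {
  return String(value).replace(/[\r\n]+/g, ' ')
}

/** Returns the display label for a plan, falling back to the raw identifier. */
function planLabel(plan: unknown): string {
  const key = String(plan)
  return planLabels[key] || key
}

/** Renders the optional requester message; escaping happens before line breaks become <br>. */
function messageBlock(heading: string, message: string | undefined): string {
  if (!message) return ''
  return `
<p><strong>${heading}</strong><br>
${escapeHtml(message).replace(/\n/g, '<br>')}</p>
`
}

// NOTE(review): sendEmail's third argument is assumed to be an HTML body — confirm
// in '@/lib/email'. The markup below is kept minimal; styling can be layered on
// without touching the escaping.

/** Builds the confirmation body sent to the requesting tenant admin. */
function confirmationHtml(
  tenantName: unknown,
  currentPlan: unknown,
  requestedPlan: string,
  message: string | undefined,
): string {
  return `
<h2>Upgrade-Anfrage eingegangen</h2>
<p>Ihre Upgrade-Anfrage für <strong>${escapeHtml(tenantName)}</strong> wurde erfolgreich übermittelt.</p>
<table>
<tr><td>Aktueller Plan</td><td>${escapeHtml(planLabel(currentPlan))}</td></tr>
<tr><td>Gewünschter Plan</td><td>${escapeHtml(planLabel(requestedPlan))}</td></tr>
<tr><td>Status</td><td>Wird geprüft</td></tr>
</table>
${messageBlock('Ihre Nachricht:', message)}
<p>Wir werden Ihre Anfrage so schnell wie möglich bearbeiten. Sie erhalten eine Benachrichtigung, sobald Ihr Plan aktiviert wurde.</p>
<p>Lageplan — Digitale Lagepläne für die Feuerwehr</p>
`
}

/** Builds the notification body sent to every server admin. */
function adminNotificationHtml(
  tenantName: unknown,
  requesterName: unknown,
  requesterEmail: unknown,
  currentPlan: unknown,
  requestedPlan: string,
  message: string | undefined,
): string {
  return `
<h2>Neue Upgrade-Anfrage</h2>
<table>
<tr><td>Organisation</td><td>${escapeHtml(tenantName)}</td></tr>
<tr><td>Angefragt von</td><td>${escapeHtml(requesterName)} (${escapeHtml(requesterEmail)})</td></tr>
<tr><td>Aktueller Plan</td><td>${escapeHtml(planLabel(currentPlan))}</td></tr>
<tr><td>Gewünschter Plan</td><td>${escapeHtml(planLabel(requestedPlan))}</td></tr>
</table>
${messageBlock('Nachricht:', message)}
<p>Bitte prüfen und bestätigen Sie die Anfrage im Admin-Panel unter "Upgrade-Anfragen".</p>
<p>Lageplan — Automatische Benachrichtigung</p>
`
}

/**
 * GET: lists upgrade requests, newest first.
 *
 * A SERVER_ADMIN sees every request; a TENANT_ADMIN sees only the requests of the
 * tenant bound to the session. Any other role is rejected with 403.
 *
 * @returns 200 with `{ requests }`, or 401 / 403 / 500 with `{ error }`.
 */
export async function GET() {
  try {
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })

    const isServerAdmin = user.role === 'SERVER_ADMIN'
    const isTenantAdmin = user.role === 'TENANT_ADMIN' && Boolean(user.tenantId)
    if (!isServerAdmin && !isTenantAdmin) {
      return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
    }

    // The tenant filter comes from the session only, never from request input,
    // so a tenant admin cannot widen the query to another tenant.
    const where = isServerAdmin ? {} : { tenantId: user.tenantId }

    // NOTE(review): the `as any` cast bypasses Prisma's typed client — confirm
    // whether the generated client really lacks this model.
    const requests = await (prisma as any).upgradeRequest.findMany({
      where,
      include: {
        tenant: { select: { name: true, slug: true, plan: true, subscriptionStatus: true } },
        requestedBy: { select: { name: true, email: true } },
      },
      orderBy: { createdAt: 'desc' },
    })

    return NextResponse.json({ requests })
  } catch (error) {
    console.error('Error fetching upgrade requests:', error)
    return NextResponse.json({ error: 'Serverfehler' }, { status: 500 })
  }
}

/**
 * POST: creates an upgrade request for the caller's tenant (TENANT_ADMIN only).
 *
 * Rejects the call when the body is invalid, the tenant is missing, a PENDING
 * request already exists, or the requested plan is not above the current one.
 * After the row is created, a confirmation goes to the requester and a
 * notification to every SERVER_ADMIN; mail delivery is best effort.
 *
 * @returns 201 with `{ request }`, or 400 / 401 / 403 / 404 / 409 / 500 with `{ error }`.
 */
export async function POST(req: NextRequest) {
  try {
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    if (user.role !== 'TENANT_ADMIN' || !user.tenantId) {
      return NextResponse.json(
        { error: 'Nur Mandanten-Administratoren können Upgrades anfordern' },
        { status: 403 },
      )
    }

    // A body that is not valid JSON is a client error: let it fail schema
    // validation (400) instead of falling through to the generic 500 handler.
    const body: unknown = await req.json().catch(() => null)
    const validated = upgradeSchema.safeParse(body)
    if (!validated.success) {
      return NextResponse.json(
        { error: 'Ungültige Eingabe', details: validated.error.flatten() },
        { status: 400 },
      )
    }
    const { requestedPlan, message } = validated.data

    // NOTE(review): the `as any` cast bypasses Prisma's typed client — confirm
    // whether the generated client really lacks these models.
    const db = prisma as any

    // Current tenant, looked up by the session's tenant id.
    const tenant = await db.tenant.findUnique({
      where: { id: user.tenantId },
      select: { id: true, name: true, plan: true, contactEmail: true },
    })
    if (!tenant) {
      return NextResponse.json({ error: 'Mandant nicht gefunden' }, { status: 404 })
    }

    // Only one open request per tenant.
    // NOTE(review): this check and the create below are not atomic, so two
    // concurrent calls can both pass it. If a single PENDING row per tenant must
    // be guaranteed, enforce it in the database as well.
    const existingPending = await db.upgradeRequest.findFirst({
      where: { tenantId: user.tenantId, status: 'PENDING' },
    })
    if (existingPending) {
      return NextResponse.json(
        {
          error: 'Es gibt bereits eine offene Upgrade-Anfrage. Bitte warten Sie auf die Bearbeitung.',
        },
        { status: 409 },
      )
    }

    // Reject same-plan and "downgrade" requests; unknown plans rank as 0.
    const requestedRank = planOrder[requestedPlan] ?? 0
    const currentRank = planOrder[String(tenant.plan)] ?? 0
    if (requestedRank <= currentRank) {
      return NextResponse.json(
        { error: 'Der gewählte Plan ist kein Upgrade gegenüber dem aktuellen Plan.' },
        { status: 400 },
      )
    }

    const request = await db.upgradeRequest.create({
      data: {
        tenantId: user.tenantId,
        requestedById: user.id,
        requestedPlan,
        currentPlan: tenant.plan,
        message: message || null,
      },
      include: {
        tenant: { select: { name: true } },
        requestedBy: { select: { name: true, email: true } },
      },
    })

    // E-mail is best effort: the row already exists, so a mail or SMTP-config
    // failure must not turn the 201 into a 500 (a retry would hit the 409 above).
    try {
      const smtpConfig = await getSmtpConfig()
      if (smtpConfig) {
        // 1. Confirmation to the requesting tenant admin.
        try {
          await sendEmail(
            user.email,
            `Upgrade-Anfrage bestätigt — ${planLabel(requestedPlan)}`,
            confirmationHtml(tenant.name, tenant.plan, requestedPlan, message),
          )
        } catch (e) {
          console.error('Failed to send upgrade confirmation email:', e)
        }

        // 2. Notification to all server admins.
        try {
          const serverAdmins = await db.user.findMany({
            where: { role: 'SERVER_ADMIN' },
            select: { email: true, name: true },
          })
          const subject = `Neue Upgrade-Anfrage: ${singleLine(tenant.name)} → ${planLabel(requestedPlan)}`
          const html = adminNotificationHtml(
            tenant.name,
            user.name,
            user.email,
            tenant.plan,
            requestedPlan,
            message,
          )
          for (const admin of serverAdmins) {
            // Per-recipient handling: one failed delivery must not stop the
            // remaining admins from being notified.
            try {
              await sendEmail(admin.email, subject, html)
            } catch (e) {
              console.error('Failed to send admin notification email:', e)
            }
          }
        } catch (e) {
          console.error('Failed to send admin notification email:', e)
        }
      }
    } catch (e) {
      console.error('Failed to send upgrade emails:', e)
    }

    return NextResponse.json({ request }, { status: 201 })
  } catch (error) {
    console.error('Error creating upgrade request:', error)
    return NextResponse.json({ error: 'Serverfehler' }, { status: 500 })
  }
}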