Lageplan/src/app/api/tenant/logo/route.ts

import { NextRequest, NextResponse } from 'next/server'
import { prisma } from '@/lib/db'
import { getSession } from '@/lib/auth'
import { uploadFile, deleteFile } from '@/lib/minio'

export async function POST(req: NextRequest) {
  try {
    const user = await getSession()
    if (!user || user.role !== 'TENANT_ADMIN') {
      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 403 })
    }
    if (!user.tenantId) {
      return NextResponse.json({ error: 'Kein Mandant' }, { status: 400 })
    }

    const formData = await req.formData()
    const file = formData.get('logo') as File
    if (!file) {
      return NextResponse.json({ error: 'Keine Datei hochgeladen' }, { status: 400 })
    }

    const validTypes = ['image/png', 'image/jpeg', 'image/svg+xml', 'image/webp']
    if (!validTypes.includes(file.type)) {
      return NextResponse.json({ error: 'Ungültiges Dateiformat. Erlaubt: PNG, JPEG, SVG, WebP' }, { status: 400 })
    }

    if (file.size > 2 * 1024 * 1024) {
      return NextResponse.json({ error: 'Datei zu gross (max. 2 MB)' }, { status: 400 })
    }

    const buffer = Buffer.from(await file.arrayBuffer())
    const ext = file.name.split('.').pop() || 'png'
    const fileKey = `logos/tenant-${user.tenantId}.${ext}`

    await uploadFile(fileKey, buffer, file.type)

    const logoServeUrl = `/api/admin/tenants/${user.tenantId}/logo/serve`
    await (prisma as any).tenant.update({
      where: { id: user.tenantId },
      data: { logoFileKey: fileKey, logoUrl: logoServeUrl },
    })

    return NextResponse.json({ logoUrl: logoServeUrl })
  } catch (error) {
    console.error('Tenant logo upload error:', error)
    return NextResponse.json({ error: 'Upload fehlgeschlagen' }, { status: 500 })
  }
}

export async function DELETE(req: NextRequest) {
  try {
    const user = await getSession()
    if (!user || user.role !== 'TENANT_ADMIN') {
      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 403 })
    }
    if (!user.tenantId) {
      return NextResponse.json({ error: 'Kein Mandant' }, { status: 400 })
    }

    const tenant = await (prisma as any).tenant.findUnique({ where: { id: user.tenantId } })
    if (tenant?.logoFileKey) {
      try {
        await deleteFile(tenant.logoFileKey)
      } catch {}
    }

    await (prisma as any).tenant.update({
      where: { id: user.tenantId },
      data: { logoUrl: null, logoFileKey: null },
    })

    return NextResponse.json({ success: true })
  } catch (error) {
    console.error('Tenant logo delete error:', error)
    return NextResponse.json({ error: 'Löschen fehlgeschlagen' }, { status: 500 })
  }
}