import { json, error } from '@sveltejs/kit';
import { nanoid } from 'nanoid';
import { insertReport, getPersonalityById } from '$lib/server/db.js';
import { checkPublishRate, getClientIp } from '$lib/server/ratelimit.js';

const VALID_REASONS = ['incorrect-data', 'duplicate', 'inappropriate', 'spam', 'other'];

export async function POST({ request }) {
  const ip   = getClientIp(request);
  const rate = checkPublishRate(ip);
  if (!rate.allowed) throw error(429, `Too many reports. Try again later.`);

  let body;
  try { body = await request.json(); }
  catch { throw error(400, 'Invalid JSON'); }

  const { personality_id, reason, notes } = body;

  if (!personality_id || typeof personality_id !== 'string') throw error(400, 'Missing personality_id');
  if (!VALID_REASONS.includes(reason)) throw error(400, 'Invalid reason');

  const record = getPersonalityById(personality_id);
  if (!record || record.deleted_at) throw error(404, 'Personality not found');

  insertReport({
    id:             nanoid(10),
    personality_id,
    reason,
    notes:          typeof notes === 'string' ? notes.trim().slice(0, 500) : null,
    reporter_ip:    ip,
    created_at:     new Date().toISOString()
  });

  return json({ success: true }, { status: 201 });
}