wishlist/src/routes/dashboard/+page.server.ts

import { redirect } from '@sveltejs/kit';
import type { PageServerLoad, Actions } from './$types';
import { db } from '$lib/server/db';
import { wishlists, savedWishlists, users } from '$lib/server/schema';
import { eq, and } from 'drizzle-orm';
/**
 * Dashboard loader.
 *
 * Anonymous visitors receive an empty payload with `isAuthenticated: false`
 * (the dashboard is still rendered for them so locally stored wishlists can be
 * shown). Signed-in users receive their own user row, the wishlists they own,
 * and the wishlists they saved, each with items sorted by `order`.
 *
 * NOTE(review): everything returned here is serialised into page data. The
 * user row and the `user: true` relations are loaded without a column
 * selection; for saved wishlists that related row belongs to the list's
 * owner, not the viewer. Confirm the users table holds nothing that must stay
 * server-side, or narrow the selected columns.
 */
export const load: PageServerLoad = async (event) => {
	const session = await event.locals.auth();
	const userId = session?.user?.id;

	// No session: return the empty shape instead of redirecting, so the page
	// can fall back to wishlists kept locally.
	if (!userId) {
		return {
			user: null,
			wishlists: [],
			savedWishlists: [],
			isAuthenticated: false
		};
	}

	// The user row carries the dashboard theme settings.
	const currentUser = await db.query.users.findFirst({
		where: eq(users.id, userId)
	});

	// Wishlists owned by the signed-in user, newest first.
	const ownedLists = await db.query.wishlists.findMany({
		where: eq(wishlists.userId, userId),
		with: {
			items: {
				orderBy: (item, ops) => [ops.asc(item.order)]
			},
			user: true
		},
		orderBy: (list, ops) => [ops.desc(list.createdAt)]
	});

	// Wishlists the user saved, newest save first. Each row is scoped to the
	// session's user id, so only this user's saves are read.
	const savedRows = await db.query.savedWishlists.findMany({
		where: eq(savedWishlists.userId, userId),
		with: {
			wishlist: {
				with: {
					items: {
						orderBy: (item, ops) => [ops.asc(item.order)]
					},
					user: true
				}
			}
		},
		orderBy: (row, ops) => [ops.desc(row.createdAt)]
	});

	// Access control for the edit capability: the wishlist's own ownerToken is
	// replaced by the one recorded on the savedWishlists row, which is null for
	// saves made through the public link. A viewer therefore only receives an
	// ownerToken they already claimed via an edit link.
	const savedWithAccess = savedRows.map((entry) => {
		const shared = entry.wishlist;
		const wishlist = shared
			? {
					...shared,
					ownerToken: entry.ownerToken,
					// publicToken is passed through unchanged; it only grants viewing.
					publicToken: shared.publicToken
				}
			: null;
		return { ...entry, wishlist };
	});

	return {
		user: currentUser,
		wishlists: ownedLists,
		savedWishlists: savedWithAccess,
		isAuthenticated: true
	};
};
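/**
 * Reads a form field and returns it only when it is a non-empty string.
 * `FormData.get` can also yield a `File` or `null`; both are reported as
 * `null` so callers never pass a non-string value into a query.
 */
function formString(formData: FormData, key: string): string | null {
	const value = formData.get(key);
	return typeof value === 'string' && value.length > 0 ? value : null;
}

/**
 * Form actions for the dashboard.
 *
 * Every action requires a signed-in session (otherwise a 303 redirect to
 * `/signin` is thrown) and scopes its write to rows belonging to
 * `session.user.id`. Ids arrive from the client and are therefore never
 * trusted on their own: an id that belongs to another account matches no row
 * and the statement is a no-op.
 *
 * Each action returns `{ success: true }`, or `{ success: false, error }` when
 * a required field is missing or not a text value.
 */
export const actions: Actions = {
	/** Flips the favourite flag on one of the caller's own wishlists. */
	toggleFavorite: async ({ request, locals }) => {
		const session = await locals.auth();
		if (!session?.user?.id) {
			throw redirect(303, '/signin');
		}

		const formData = await request.formData();
		const wishlistId = formData.get('wishlistId') === null ? null : formString(formData, 'wishlistId');
		const isFavorite = formData.get('isFavorite') === 'true';

		if (!wishlistId) {
			return { success: false, error: 'Wishlist ID is required' };
		}

		// Ownership check: without the userId predicate any signed-in user could
		// change the flag on any wishlist whose id they know.
		await db.update(wishlists)
			.set({ isFavorite: !isFavorite, updatedAt: new Date() })
			.where(and(
				eq(wishlists.id, wishlistId),
				eq(wishlists.userId, session.user.id)
			));

		return { success: true };
	},

	/** Flips the favourite flag on one of the caller's own saved-wishlist rows. */
	toggleSavedFavorite: async ({ request, locals }) => {
		const session = await locals.auth();
		if (!session?.user?.id) {
			throw redirect(303, '/signin');
		}

		const formData = await request.formData();
		const savedWishlistId = formString(formData, 'savedWishlistId');
		const isFavorite = formData.get('isFavorite') === 'true';

		if (!savedWishlistId) {
			return { success: false, error: 'Saved wishlist ID is required' };
		}

		// Same ownership predicate as unsaveWishlist: the row must belong to the
		// session user, not merely exist.
		await db.update(savedWishlists)
			.set({ isFavorite: !isFavorite })
			.where(and(
				eq(savedWishlists.id, savedWishlistId),
				eq(savedWishlists.userId, session.user.id)
			));

		return { success: true };
	},

	/** Removes one of the caller's saved-wishlist rows. */
	unsaveWishlist: async ({ request, locals }) => {
		const session = await locals.auth();
		if (!session?.user?.id) {
			throw redirect(303, '/signin');
		}

		const formData = await request.formData();
		const savedWishlistId = formString(formData, 'savedWishlistId');

		if (!savedWishlistId) {
			return { success: false, error: 'Saved wishlist ID is required' };
		}

		await db.delete(savedWishlists)
			.where(and(
				eq(savedWishlists.id, savedWishlistId),
				eq(savedWishlists.userId, session.user.id)
			));

		return { success: true };
	},

	/** Deletes one of the caller's own wishlists. */
	deleteWishlist: async ({ request, locals }) => {
		const session = await locals.auth();
		if (!session?.user?.id) {
			throw redirect(303, '/signin');
		}

		const formData = await request.formData();
		const wishlistId = formString(formData, 'wishlistId');

		if (!wishlistId) {
			return { success: false, error: 'Wishlist ID is required' };
		}

		// Ownership is enforced inside the DELETE itself, so there is no gap
		// between a check and the write.
		await db.delete(wishlists)
			.where(and(
				eq(wishlists.id, wishlistId),
				eq(wishlists.userId, session.user.id)
			));

		return { success: true };
	},

	/** Stores the dashboard theme on the caller's user row. */
	updateDashboardTheme: async ({ request, locals }) => {
		const session = await locals.auth();
		if (!session?.user?.id) {
			throw redirect(303, '/signin');
		}

		const formData = await request.formData();
		const theme = formString(formData, 'theme');

		if (!theme) {
			return { success: false, error: 'Theme is required' };
		}

		// NOTE(review): the theme is stored exactly as submitted. No allow-list
		// or length limit is visible in this file; confirm one exists elsewhere
		// or add one here before the value is rendered.
		await db.update(users)
			.set({ dashboardTheme: theme, updatedAt: new Date() })
			.where(eq(users.id, session.user.id));

		return { success: true };
	},

	/** Stores (or clears, when the field is absent) the dashboard colour on the caller's user row. */
	updateDashboardColor: async ({ request, locals }) => {
		const session = await locals.auth();
		if (!session?.user?.id) {
			throw redirect(303, '/signin');
		}

		const formData = await request.formData();
		const color = formData.get('color');

		// A missing field clears the colour; an uploaded file is rejected rather
		// than being cast to a string and handed to the query.
		if (color !== null && typeof color !== 'string') {
			return { success: false, error: 'Color must be a text value' };
		}

		// NOTE(review): the colour string is stored as submitted; no format
		// check is visible in this file. Confirm it is validated or escaped
		// wherever it is written into markup or styles.
		await db.update(users)
			.set({ dashboardColor: color, updatedAt: new Date() })
			.where(eq(users.id, session.user.id));

		return { success: true };
	}
};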