import { NextRequest, NextResponse } from 'next/server'
import { invitationRepo } from '@/lib/database/repositories/invitation.repo'
import { isAuthError, requireUser } from '@/lib/auth/session'

/**
 * DELETE /api/invite/[token]
 * Cancel a pending invitation by invite_token.
 * Only the inviter can cancel.
 */
export async function DELETE(
  req: NextRequest,
  { params }: { params: Promise<{ token: string }> },
) {
  let user
  try {
    user = await requireUser()
  } catch (err) {
    if (isAuthError(err)) return err
    throw err
  }

  const { token } = await params

  const invite = invitationRepo.findByInviteToken(token)

  if (!invite) {
    return NextResponse.json({ error: 'Invitation not found' }, { status: 404 })
  }

  if (invite.inviterUserId !== user.id) {
    return NextResponse.json({ error: 'Not authorized to cancel this invitation' }, { status: 403 })
  }

  if (invite.status === 'completed') {
    return NextResponse.json({ error: 'Cannot cancel a completed invitation' }, { status: 400 })
  }

  invitationRepo.markCancelled(invite.id)

  return NextResponse.json({ success: true })
}
