livedash-node/app/api/dashboard/settings/route.ts

import { type NextRequest, NextResponse } from "next/server";
import { neonAuth } from "@/lib/auth/server";
import { prisma } from "@/lib/prisma";

// MIGRATED: Removed "export const dynamic = 'force-dynamic'" - dynamic by default with Cache Components

export async function POST(request: NextRequest) {
  const { session: authSession, user: authUser } = await neonAuth();
  if (!authSession || !authUser?.email) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  // Look up user in our database to get companyId and role
  const user = await prisma.user.findUnique({
    where: { email: authUser.email },
    select: { companyId: true, role: true },
  });

  if (!user || !user.companyId) {
    return NextResponse.json(
      { error: "User not found or no company" },
      { status: 401 }
    );
  }

  // Check for admin role
  if (user.role !== "ADMIN") {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  const body = await request.json();
  const { csvUrl, csvUsername, csvPassword } = body;

  await prisma.company.update({
    where: { id: user.companyId },
    data: {
      csvUrl,
      csvUsername,
      ...(csvPassword ? { csvPassword } : {}),
      // Remove sentimentAlert field - not in current schema
    },
  });

  return NextResponse.json({ ok: true });
}