towercontrol/src/app/api/backups/[filename]/route.ts

import { NextRequest, NextResponse } from 'next/server';
import { backupService } from '@/services/data-management/backup';

interface RouteParams {
  params: Promise<{
    filename: string;
  }>;
}

export async function DELETE(request: NextRequest, { params }: RouteParams) {
  try {
    const { filename } = await params;

    // Vérification de sécurité - s'assurer que c'est bien un fichier de backup
    if (
      !filename.startsWith('towercontrol_') ||
      (!filename.endsWith('.db') && !filename.endsWith('.db.gz'))
    ) {
      return NextResponse.json(
        { success: false, error: 'Invalid backup filename' },
        { status: 400 }
      );
    }

    await backupService.deleteBackup(filename);

    return NextResponse.json({
      success: true,
      message: `Backup ${filename} deleted successfully`,
    });
  } catch (error) {
    console.error('Error deleting backup:', error);
    return NextResponse.json(
      {
        success: false,
        error:
          error instanceof Error ? error.message : 'Failed to delete backup',
      },
      { status: 500 }
    );
  }
}

export async function POST(request: NextRequest, { params }: RouteParams) {
  try {
    const { filename } = await params;
    const body = await request.json();
    const { action } = body;

    if (action === 'restore') {
      // Vérification de sécurité
      if (
        !filename.startsWith('towercontrol_') ||
        (!filename.endsWith('.db') && !filename.endsWith('.db.gz'))
      ) {
        return NextResponse.json(
          { success: false, error: 'Invalid backup filename' },
          { status: 400 }
        );
      }

      // Protection environnement de production
      if (process.env.NODE_ENV === 'production') {
        return NextResponse.json(
          {
            success: false,
            error: 'Restore not allowed in production via API',
          },
          { status: 403 }
        );
      }

      await backupService.restoreBackup(filename);

      return NextResponse.json({
        success: true,
        message: `Database restored from ${filename}`,
      });
    }

    return NextResponse.json(
      { success: false, error: 'Invalid action' },
      { status: 400 }
    );
  } catch (error) {
    console.error('Error in backup operation:', error);
    return NextResponse.json(
      {
        success: false,
        error: error instanceof Error ? error.message : 'Operation failed',
      },
      { status: 500 }
    );
  }
}