import { NextRequest, NextResponse } from 'next/server' import { auth } from '@/auth' import prisma from '@/lib/prisma' import { contentModerationService } from '@/lib/ai/services/content-moderation.service' function generateSlug(title: string): string { const base = title .toLowerCase() .normalize('NFD') .replace(/[\u0300-\u036f]/g, '') .replace(/[^a-z0-9]+/g, '-') .replace(/^-+|-+$/g, '') .slice(0, 60) || 'note' return `${base}-${Math.random().toString(36).slice(2, 8)}` } export async function POST(request: NextRequest) { const session = await auth() if (!session?.user?.id) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) const { noteId, action } = await request.json() if (!noteId) return NextResponse.json({ error: 'noteId required' }, { status: 400 }) const note = await prisma.note.findFirst({ where: { id: noteId, userId: session.user.id }, select: { id: true, title: true, publicSlug: true, content: true }, }) if (!note) return NextResponse.json({ error: 'Not found' }, { status: 404 }) if (action === 'publish') { // --- AI Moderation --- let moderation try { moderation = await contentModerationService.moderate(note.title || '', note.content || '') } catch { moderation = { verdict: 'safe' as const, categories: ['safe'], reason: 'Moderation indisponible' } } if (moderation.verdict === 'blocked') { return NextResponse.json({ error: 'blocked', reason: moderation.reason, categories: moderation.categories, }, { status: 403 }) } // flagged → publish but notify admins if (moderation.verdict === 'flagged') { const admins = await prisma.user.findMany({ where: { role: 'ADMIN' }, select: { id: true } }) for (const admin of admins) { await prisma.notification.create({ data: { userId: admin.id, type: 'content_flagged', title: 'Contenu sensible publié', message: `La note "${note.title}" a été publiée avec un contenu potentiellement sensible: ${moderation.reason}`, actionUrl: '/admin/published', relatedId: note.id, }, }).catch(() => {}) } } let slug = note.publicSlug if (!slug) { slug = generateSlug(note.title || 'note') const existing = await prisma.note.findUnique({ where: { publicSlug: slug } }) if (existing && existing.id !== noteId) slug = `${slug}-${Date.now().toString(36)}` } await prisma.note.update({ where: { id: noteId }, data: { isPublic: true, publicSlug: slug, publishedAt: new Date() }, }) return NextResponse.json({ success: true, slug, moderation: moderation.verdict === 'flagged' ? 'flagged' : undefined, }) } if (action === 'unpublish') { await prisma.note.update({ where: { id: noteId }, data: { isPublic: false, publicSlug: null, publishedAt: null }, }) return NextResponse.json({ success: true }) } return NextResponse.json({ error: 'Invalid action' }, { status: 400 }) }