import { NextRequest, NextResponse } from 'next/server'

const RVOTE_BASE = 'https://rvote.online'

export async function GET(req: NextRequest) {
  const { searchParams } = new URL(req.url)
  const endpoint = searchParams.get('endpoint')
  const slug = searchParams.get('slug')

  if (!slug || !endpoint) {
    return NextResponse.json({ error: 'Missing params' }, { status: 400 })
  }

  // Whitelist allowed endpoints to prevent open proxy
  let targetUrl: string
  if (endpoint === 'space') {
    targetUrl = `${RVOTE_BASE}/api/spaces/${encodeURIComponent(slug)}`
  } else if (endpoint === 'proposals') {
    const status = searchParams.get('status') || 'PASSED'
    targetUrl = `${RVOTE_BASE}/s/${encodeURIComponent(slug)}/api/proposals?status=${status}&limit=50`
  } else {
    return NextResponse.json({ error: 'Invalid endpoint' }, { status: 400 })
  }

  try {
    const res = await fetch(targetUrl, { next: { revalidate: 60 } })
    if (!res.ok) {
      return NextResponse.json(
        { error: `Upstream error: ${res.status}` },
        { status: res.status }
      )
    }
    const data = await res.json()
    return NextResponse.json(data)
  } catch (e) {
    return NextResponse.json(
      { error: e instanceof Error ? e.message : 'Fetch failed' },
      { status: 502 }
    )
  }
}