// app/api/cron/purge/route.ts
//
// HTTP-triggerable version of the purge job, for platforms that schedule
// via HTTP (e.g. Vercel Cron, an external cron-job.org ping, k8s CronJob
// hitting an endpoint). Protected by a shared secret bearer token rather
// than a user session, since no human is logged in when this fires.
//
// If you're self-hosting with a long-running Node process instead, use
// workers/purge-worker.ts directly with node-cron — this route is an
// alternative trigger for serverless/managed deployments.

import { NextRequest, NextResponse } from "next/server";
import { purgeExpiredTempEmails } from "@/workers/purge-worker";

const CRON_SECRET = process.env.CRON_SECRET || "";

export async function POST(req: NextRequest) {
  try {
    if (!CRON_SECRET) {
      console.error("CRON_SECRET is not configured");
      return NextResponse.json({ error: "Server misconfiguration" }, { status: 500 });
    }

    const authHeader = req.headers.get("authorization") || "";
    const expected = `Bearer ${CRON_SECRET}`;
    if (authHeader !== expected) {
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }

    const result = await purgeExpiredTempEmails();

    return NextResponse.json({ status: "ok", ...result });
  } catch (err) {
    console.error("POST /api/cron/purge failed:", err);
    return NextResponse.json({ error: "Purge job failed" }, { status: 500 });
  }
}
