/**
 * PUT /api/webhooks/:id
 * Update a webhook
 */
import { query } from '../../../utils/database'

interface UpdateWebhookBody {
  name?: string
  url?: string
  secret?: string
  events?: string[]
  instanceId?: string | null
  isActive?: boolean
}

export default defineEventHandler(async (event) => {
  const username = getHeader(event, 'x-authentik-username')
  if (!username) {
    throw createError({ statusCode: 401, message: 'Unauthorized' })
  }

  const id = getRouterParam(event, 'id')
  const body = await readBody<UpdateWebhookBody>(event)

  // Check if webhook exists
  const existing = await query('SELECT id FROM webhooks WHERE id = $1', [id])
  if (existing.rows.length === 0) {
    throw createError({ statusCode: 404, message: 'Webhook not found' })
  }

  // Build update query dynamically
  const updates: string[] = []
  const values: any[] = []
  let paramIndex = 1

  if (body.name !== undefined) {
    updates.push(`name = $${paramIndex++}`)
    values.push(body.name)
  }
  if (body.url !== undefined) {
    updates.push(`url = $${paramIndex++}`)
    values.push(body.url)
  }
  if (body.secret !== undefined) {
    updates.push(`secret = $${paramIndex++}`)
    values.push(body.secret || null)
  }
  if (body.events !== undefined) {
    updates.push(`events = $${paramIndex++}`)
    values.push(body.events)
  }
  if (body.instanceId !== undefined) {
    updates.push(`instance_id = $${paramIndex++}`)
    values.push(body.instanceId || null)
  }
  if (body.isActive !== undefined) {
    updates.push(`is_active = $${paramIndex++}`)
    values.push(body.isActive)
  }

  if (updates.length === 0) {
    throw createError({ statusCode: 400, message: 'No fields to update' })
  }

  values.push(id)
  await query(
    `UPDATE webhooks SET ${updates.join(', ')}, updated_at = NOW() WHERE id = $${paramIndex}`,
    values
  )

  return { success: true }
})