riseup-squad18/supabase/functions/reports-list-extended/index.ts

import { validateExternalAuth } from "../_shared/auth.ts";
import { getExternalReports } from "../_shared/external.ts";

const corsHeaders = {
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Headers":
    "authorization, x-client-info, apikey, content-type",
};

Deno.serve(async (req) => {
  if (req.method === "OPTIONS")
    return new Response("ok", { headers: corsHeaders });

  try {
    const authHeader = req.headers.get("Authorization");
    const supabase = createClient(
      Deno.env.get("SUPABASE_URL")!,
      Deno.env.get("SUPABASE_ANON_KEY")!,
      { global: { headers: { Authorization: authHeader! } } }
    );

    const {
      data: { user },
    } = await supabase.auth.getUser();
    if (!user) throw new Error("Unauthorized");

    const { patient_id, doctor_id, date_from, date_to } = await req.json();

    // 1. Buscar reports do Supabase EXTERNO
    const externalReports = await getExternalReports(
      { patient_id, doctor_id, date_from, date_to },
      authHeader!
    );

    // 2. Para cada report, buscar integrity hash do NOSSO Supabase
    const reportIds = externalReports.map((r: any) => r.id);
    const { data: integrityData } = await supabase
      .from("report_integrity")
      .select("*")
      .in("external_report_id", reportIds);

    // 3. Mesclar dados
    const reportsWithIntegrity = externalReports.map((report: any) => {
      const integrity = integrityData?.find(
        (i: any) => i.external_report_id === report.id
      );
      return {
        ...report,
        has_integrity_check: !!integrity,
        verified_at: integrity?.verified_at || null,
        hash: integrity?.sha256_hash || null,
      };
    });

    return new Response(
      JSON.stringify({
        success: true,
        data: {
          reports: reportsWithIntegrity,
          total: reportsWithIntegrity.length,
          verified: reportsWithIntegrity.filter(
            (r: any) => r.has_integrity_check
          ).length,
        },
      }),
      { headers: { ...corsHeaders, "Content-Type": "application/json" } }
    );
  } catch (error: any) {
    return new Response(
      JSON.stringify({ success: false, error: error.message }),
      {
        status: 400,
        headers: { ...corsHeaders, "Content-Type": "application/json" },
      }
    );
  }
});