/**
 * Risk Check API Endpoint
 * 
 * Called by n8n workflow before executing trade
 * POST /api/trading/check-risk
 */

import { NextRequest, NextResponse } from 'next/server'
import { getMergedConfig } from '@/v4/config/trading'

export interface RiskCheckRequest {
  symbol: string
  direction: 'long' | 'short'
}

export interface RiskCheckResponse {
  allowed: boolean
  reason?: string
  details?: string
}

export async function POST(request: NextRequest): Promise<NextResponse<RiskCheckResponse>> {
  try {
    // Verify authorization
    const authHeader = request.headers.get('authorization')
    const expectedAuth = `Bearer ${process.env.API_SECRET_KEY}`
    
    if (!authHeader || authHeader !== expectedAuth) {
      return NextResponse.json(
        {
          allowed: false,
          reason: 'Unauthorized',
        },
        { status: 401 }
      )
    }

    const body: RiskCheckRequest = await request.json()
    
    console.log('🔍 Risk check for:', body)
    
    const config = getMergedConfig()
    
    // TODO: Implement actual risk checks:
    // 1. Check daily drawdown
    // 2. Check trades per hour limit
    // 3. Check cooldown period
    // 4. Check account health
    // 5. Check existing positions
    
    // For now, always allow (will implement in next phase)
    const allowed = true
    const reason = allowed ? undefined : 'Risk limit exceeded'
    
    console.log(`✅ Risk check: ${allowed ? 'PASSED' : 'BLOCKED'}`)
    
    return NextResponse.json({
      allowed,
      reason,
      details: allowed ? 'All risk checks passed' : undefined,
    })

  } catch (error) {
    console.error('❌ Risk check error:', error)
    
    return NextResponse.json(
      {
        allowed: false,
        reason: 'Risk check failed',
        details: error instanceof Error ? error.message : 'Unknown error',
      },
      { status: 500 }
    )
  }
}