import { NextRequest, NextResponse } from 'next/server';
import pool from '@/lib/db';

const CRON_SECRET = 'smalltown_review_secret_2024';

export async function POST(request: NextRequest) {
  let connection;
  try {
    const authHeader = request.headers.get('authorization');
    if (authHeader !== `Bearer ${CRON_SECRET}`) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }
    
    connection = await pool.getConnection();
    
    const [result] = await connection.query(
      "UPDATE houses SET status = 'approved', reviewed_at = NOW() WHERE status = 'pending'"
    );
    
    const affectedRows = (result as any).affectedRowCount || 0;
    
    connection.release();
    return NextResponse.json({ success: true, approved: affectedRows });
  } catch (error) {
    console.error('Review error:', error);
    return NextResponse.json({ error: '审核失败' }, { status: 500 });
  } finally {
    if (connection) connection.release();
  }
}