import { db } from "@/lib/db";
import { users } from "@/lib/db/schema/auth";
import { NextResponse } from "next/server";
import { isNotNull } from "drizzle-orm";

export async function GET(req: Request) {
  const authHeader = req.headers.get("x-api-secret");
  // Wir nutzen dasselbe Secret wie für die Ingestion API
  if (authHeader !== process.env.POLICY_API_SECRET) {
    return new NextResponse("Unauthorized", { status: 401 });
  }

  // Hole alle einzigartigen Tenant-IDs aus der User-Tabelle
  const tenants = await db
    .selectDistinct({ tenantId: users.tenantId })
    .from(users)
    .where(isNotNull(users.tenantId));

  // Wir filtern 'common' raus, falls es drin ist
  const cleanList = tenants.filter(t => t.tenantId !== 'common');

  return NextResponse.json(cleanList);
}