import { NextApiRequest, NextApiResponse } from 'next'
import fs from 'fs'
import path from 'path'

const DOCS_DIR = path.join(process.cwd(), 'docs')

export default function handler(req: NextApiRequest, res: NextApiResponse) {
  const { file } = req.query

  if (!file || typeof file !== 'string') {
    return res.status(400).json({ error: 'File name is required' })
  }

  // Security: prevent directory traversal
  const safeFile = path.basename(file)
  const filePath = path.join(DOCS_DIR, safeFile)

  // Check if file exists and is in docs directory
  if (!filePath.startsWith(DOCS_DIR)) {
    return res.status(403).json({ error: 'Access denied' })
  }

  try {
    if (!fs.existsSync(filePath)) {
      return res.status(404).json({ error: 'File not found' })
    }

    const content = fs.readFileSync(filePath, 'utf-8')
    res.status(200).send(content)
  } catch (error) {
    console.error('Error reading doc file:', error)
    res.status(500).json({ error: 'Failed to read file' })
  }
}