import clientPromise from "@/lib/db";
import type { NextApiRequest, NextApiResponse } from "next";

export default async function handler(
	req: NextApiRequest,
	res: NextApiResponse
) {
	if (req.method === "POST") {
		try {
			const client = await clientPromise;
			const db = client.db("modsVuln");
			const { title, category, bullets } = req.body;

			if (!title || !category || !bullets || !Array.isArray(bullets)) {
				return res.status(400).json({ error: "Invalid data" });
			}

			await db.collection("vulnerabilities").insertOne({
				title,
				category,
				bullets,
			});

			res.status(200).json({ message: "Vulnerability added successfully" });
		} catch (error) {
			res.status(500).json({ error: error || "Failed to add vulnerability" });
		}
	} else {
		res.setHeader("Allow", ["POST"]);
		res.status(405).end(`Method ${req.method} Not Allowed`);
	}
}