import { NextResponse } from 'next/server'
import { getSession } from '@/lib/auth'
import { checkPermission } from '@/lib/permissions'
import { generateTemplateBuffer } from '@/lib/excel'

export async function GET() {
  const payload = await getSession()
  if (!payload) return NextResponse.json({ error: '会话已过期' }, { status: 401 })
  if (!checkPermission(payload.role, 'assets:import')) {
    return NextResponse.json({ error: '权限不足' }, { status: 403 })
  }

  const buffer = generateTemplateBuffer()
  return new NextResponse(buffer, {
    headers: {
      'Content-Type': 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
      'Content-Disposition': 'attachment; filename="asset_import_template.xlsx"',
    },
  })
}