import { verifyPassword } from '../../utils/password';
import { useSession } from 'h3';

export default defineEventHandler(async (event) => {
  const body = await readBody(event);
  const { email, password } = body;

  // 1. Validate input
  if (!email || !password) {
    throw createError({
      statusCode: 400,
      statusMessage: 'Email and password are required',
    });
  }

  const normalizedEmail = email.toLowerCase();

  // 2. Find the user
  const user = await prisma.user.findUnique({
    where: { email: normalizedEmail },
  });

  if (!user) {
    throw createError({
      statusCode: 401,
      statusMessage: 'Invalid credentials',
    });
  }

  // 3. Verify the password
  // WARNING: This verifyPassword is a mock. Replace with a secure library like bcrypt before production.
  const isPasswordValid = await verifyPassword(password, user.password);
  if (!isPasswordValid) {
    throw createError({
      statusCode: 401,
      statusMessage: 'Invalid credentials',
    });
  }

  // 4. Create and update the session
  const session = await useSession(event, {
    password: process.env.SESSION_PASSWORD, // Relies on fail-fast check in auth.ts
    maxAge: 60 * 60 * 24 * 7, // 1 week
  });

  await session.update({
    user: {
      id: user.id,
      email: user.email,
    }
  });

  // 5. Return user data DTO
  return {
    user: {
        id: user.id,
        email: user.email,
        nickname: user.nickname,
        avatar: user.avatar,
        coins: user.coins,
        exp: user.exp,
        soundOn: user.soundOn,
        confettiOn: user.confettiOn,
        createdAt: user.createdAt,
        updatedAt: user.updatedAt,
    }
  };
});