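import { PrismaClient } from '@prisma/client';
import { useSession } from 'h3';

// One client for the module; Prisma manages its own connection pool.
const prisma = new PrismaClient();

// The session secret seals (encrypts + signs) the session cookie. The
// original fell back to a hard-coded string when SESSION_PASSWORD was unset,
// which means anyone who has read this file could forge a session for any
// user id. Fail closed at startup instead of silently running with a known key.
// NOTE(review): h3's useSession rejects passwords shorter than 32 characters;
// the deployment is expected to provide a random secret of at least that length.
const SESSION_PASSWORD = process.env.SESSION_PASSWORD;
if (!SESSION_PASSWORD) {
  throw new Error('SESSION_PASSWORD environment variable must be set');
}

/**
 * GET /api/me style handler: resolves the current session to a user record.
 *
 * - 401 when there is no session or the session carries no user id.
 * - 401 (and the stale session is cleared) when the id no longer matches a
 *   user row, e.g. the account was deleted after the cookie was issued.
 * - Otherwise returns `{ user }` with the `password` column stripped.
 *
 * Only `password` is removed here; if the user model gains other secrets
 * (tokens, reset hashes) they must be added to the omitted keys.
 */
export default defineEventHandler(async (event) => {
  // 1. Unseal the session cookie. A tampered or foreign cookie yields no data.
  const session = await useSession(event, { password: SESSION_PASSWORD });

  // 2. Reject anonymous requests early.
  const sessionUserId = session.data?.user?.id;
  if (!sessionUserId) {
    throw createError({
      statusCode: 401,
      statusMessage: 'Unauthorized',
    });
  }

  // 3. The session only proves "this id was logged in once"; the row must
  //    still exist for the request to be authorized.
  const user = await prisma.user.findUnique({
    where: { id: sessionUserId },
  });

  if (!user) {
    // Deleted account with a still-valid cookie: drop the session so the
    // client does not keep presenting an id that no longer resolves.
    await session.clear();
    throw createError({
      statusCode: 401,
      statusMessage: 'Unauthorized',
    });
  }

  // 4. Never send the password hash to the client.
  const { password: _password, ...userWithoutPassword } = user;
  return { user: userWithoutPassword };
});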