import { DEFAULT_USER_PASSWORD } from '~~/shared/auth'

import { requireRole } from '../../../../utils/auth'
import { hashPassword } from '../../../../utils/password'
import { updateUserPassword } from '../../../../utils/user-repository'
import { requireExistingUser, requireUserIdParam } from '../../../../utils/users'

export default defineEventHandler(async (event) => {
  await requireRole(event, 'super_admin')

  const userId = requireUserIdParam(event)

  await requireExistingUser(userId)

  const passwordHash = await hashPassword(DEFAULT_USER_PASSWORD)

  await updateUserPassword({
    userId,
    passwordHash,
    mustChangePassword: true
  })

  const updatedUser = await requireExistingUser(userId, 'Unable to load updated user')

  return {
    user: updatedUser,
    defaultPassword: DEFAULT_USER_PASSWORD
  }
})