import { DEFAULT_USER_PASSWORD } from '~~/shared/auth'

import { requireRole } from '../../../../utils/auth'
import { hashPassword } from '../../../../utils/password'
import { getUserById, updateUserPassword } from '../../../../utils/user-repository'

export default defineEventHandler(async (event) => {
  await requireRole(event, 'super_admin')

  const userId = getRouterParam(event, 'id')

  if (!userId) {
    throw createError({
      statusCode: 400,
      statusMessage: 'User id is required'
    })
  }

  const user = await getUserById(userId)

  if (!user) {
    throw createError({
      statusCode: 404,
      statusMessage: 'User not found'
    })
  }

  const passwordHash = await hashPassword(DEFAULT_USER_PASSWORD)

  await updateUserPassword({
    userId,
    passwordHash,
    mustChangePassword: true
  })

  const updatedUser = await getUserById(userId)

  return {
    user: updatedUser,
    defaultPassword: DEFAULT_USER_PASSWORD
  }
})