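import { verifyPassword } from '../../utils/password'
import { normalizeUsername, signInUser } from '../../utils/auth'
import { getUserByUsername } from '../../utils/user-repository'

/**
 * Shape of the login request body. Every field is `unknown` because the
 * payload comes straight from the client and is only narrowed at runtime.
 */
type LoginBody = {
  username?: unknown
  password?: unknown
  remember?: unknown
}

/**
 * Login endpoint: checks a username/password pair and, on success, signs the
 * user in through `signInUser`.
 *
 * Responses:
 * - 400 when the username or password is missing, empty, or not a string.
 * - 401 with one shared message when the user is unknown, inactive, or the
 *   password does not verify, so the response body does not reveal which
 *   check failed.
 * - `{ user }` holding whatever `signInUser` resolves to.
 *
 * NOTE(review): no attempt throttling or lockout is visible in this handler;
 * confirm it is enforced in middleware or upstream.
 */
export default defineEventHandler(async (event) => {
  // The generic on readBody is erased at runtime, so the parsed body may be
  // absent, null, or carry non-string fields. Narrow it here instead of
  // letting `.trim()` or a property access on null throw and surface as a 500.
  const parsed = await readBody<LoginBody | null | undefined>(event)
  const body: LoginBody = parsed ?? {}

  const rawUsername = typeof body.username === 'string' ? body.username : ''
  const rawPassword = typeof body.password === 'string' ? body.password : ''

  const username = normalizeUsername(rawUsername)
  // NOTE(review): trimming changes the submitted secret; this must match how
  // the password was normalised when the stored hash was created — confirm.
  const password = rawPassword.trim()
  // Anything other than an explicit `false` (including an omitted field)
  // counts as "remember me". What signInUser does with the flag is not
  // visible here.
  const remember = body.remember !== false

  if (!username || !password) {
    throw createError({
      statusCode: 400,
      statusMessage: 'Username and password are required'
    })
  }

  const user = await getUserByUsername(username)

  // NOTE(review): this branch returns before verifyPassword runs, so it does
  // less work than the wrong-password branch below. The identical 401 message
  // hides the difference in the body, but response timing may still separate
  // "no such account" from "wrong password" if verifyPassword is deliberately
  // slow. Consider verifying against a fixed dummy hash on this path.
  if (!user || !user.isActive) {
    throw createError({
      statusCode: 401,
      statusMessage: 'Invalid username or password'
    })
  }

  const passwordMatches = await verifyPassword(password, user.passwordHash)

  if (!passwordMatches) {
    throw createError({
      statusCode: 401,
      statusMessage: 'Invalid username or password'
    })
  }

  // NOTE(review): the value returned by signInUser is sent to the client
  // as-is; confirm it never includes passwordHash or other internal fields.
  const authenticatedUser = await signInUser(event, user, remember)

  return { user: authenticatedUser }
})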