import mongoose from "mongoose";
import jwt from "jsonwebtoken";
import { IUser, User } from "~/models/user";
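/**
 * Login endpoint.
 *
 * Without an `Authorization` header: checks `username` / `password` from the
 * request body against the stored user and, on success, returns the user and
 * a freshly generated JWT.
 * With an `Authorization` header: responds 405 if the bearer token verifies
 * (caller is already logged in), otherwise 401.
 *
 * @throws 401 for bad credentials, banned accounts, unverified e-mail, or an
 *         invalid bearer token; 405 when a valid token is already presented.
 */
export default eventHandler(async (event) => {
  const wrongMsg = "wrong credentials";
  const jwtSecret = useRuntimeConfig().jwt;

  const bearer = getHeader(event, "Authorization")?.replace("Bearer ", "");
  if (bearer) {
    // jwt.verify() throws on a bad/expired token instead of returning a falsy
    // value, so the failure path has to be a catch; otherwise an invalid token
    // surfaces as an unhandled 500 rather than the intended 401.
    // NOTE(review): consider passing an explicit `algorithms` allow-list that
    // matches whatever user.generateToken() signs with — not visible here.
    let tokenIsValid = false;
    try {
      jwt.verify(bearer, jwtSecret);
      tokenIsValid = true;
    } catch {
      tokenIsValid = false;
    }
    if (tokenIsValid) {
      throw createError({
        statusCode: 405,
        message: "Already logged in.",
      });
    }
    throw createError({ statusCode: 401, message: wrongMsg });
  }

  const reqbody = await readBody(event);
  const username = reqbody?.username;
  const password = reqbody?.password;

  // The body is attacker-controlled JSON. Require plain strings so an object
  // such as a query operator can never reach the Mongo filter, and so a
  // missing body yields a 401 instead of a TypeError.
  if (typeof username !== "string" || typeof password !== "string") {
    throw createError({ statusCode: 401, message: wrongMsg });
  }

  // Deliberately no logging of the user document or the mongoose connection:
  // both can carry secrets (credential material, connection details).
  const user = await User.findOne({ username }).exec();
  if (!user) {
    throw createError({ statusCode: 401, message: wrongMsg });
  }

  // NOTE(review): assumes validPassword() is synchronous; if it returns a
  // Promise this condition would always be truthy — confirm in the model.
  if (!user.validPassword(password)) {
    throw createError({ statusCode: 401, message: wrongMsg });
  }

  // Account-state messages are only revealed after the password has been
  // verified, so an unauthenticated caller cannot probe which usernames
  // exist or are banned.
  if (user.banned) {
    throw createError({
      statusCode: 401,
      message: "This account has been banned.",
    });
  }
  if (!user.auth.emailVerified) {
    throw createError({
      statusCode: 401,
      // The literal was split across two lines in the source; the line break
      // is kept as an explicit "\n".
      message: "Account inactive!\nResend verification?",
    });
  }

  const tok = user.generateToken(jwtSecret);
  // setCookie(event, "rockfic_cookie", tok);

  // NOTE(review): the whole user document is serialized to the client.
  // Confirm the User schema strips the password hash and other `auth`
  // internals on serialization, or return an explicit subset of fields.
  return {
    user,
    token: tok,
  };
});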