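import { getSessionUsername } from '~/server/utils/auth'
import { getUserByUsername, setSetting } from '~/server/utils/database'

// Allowlist of accepted values for the 'sermon_retention_policy' setting.
// Anything not listed here is rejected with a 400 before it reaches storage.
const VALID_RETENTION_POLICIES = Object.freeze([
  'forever',
  '1_month',
  '3_months',
  '6_months',
  '1_year',
  '3_years',
  '5_years',
  '10_years'
])

/**
 * Admin-only handler that updates the 'sermon_retention_policy' setting.
 *
 * Request body: `{ retentionPolicy: string }`, one of VALID_RETENTION_POLICIES.
 *
 * @returns {Promise<{ success: true, retentionPolicy: string }>} the stored value
 * @throws 401 when the request has no session username
 * @throws 403 when the user record is missing or `is_admin` is not exactly 1
 * @throws 400 when the body is missing or `retentionPolicy` is not on the allowlist
 *
 * NOTE(review): this is a state-changing endpoint authenticated by the session;
 * CSRF protection is not visible in this file, so confirm it is enforced elsewhere.
 */
export default defineEventHandler(async (event) => {
  // Authentication: the caller must have a valid session.
  const username = await getSessionUsername(event)
  if (!username) {
    throw createError({
      statusCode: 401,
      message: 'Unauthorized'
    })
  }

  // Authorization: re-read the user record on every request so the admin flag
  // is taken from the database rather than from anything the client sent.
  // NOTE(review): getUserByUsername is called without await, so it is presumably
  // synchronous. If it ever returns a Promise, `is_admin` would be undefined and
  // every request would be refused with 403. Verify against its implementation.
  const user = getUserByUsername(username)
  if (!user || user.is_admin !== 1) {
    throw createError({
      statusCode: 403,
      message: 'Forbidden - Admin access required'
    })
  }

  // A request with no body (or a non-object body) must not crash on
  // destructuring and surface as a 500. Read the field defensively so it
  // falls through to the 400 below instead.
  const body = await readBody(event)
  const retentionPolicy = body?.retentionPolicy

  // Array#includes compares without type coercion, so non-string values
  // (numbers, arrays, objects, undefined) can never match the allowlist.
  if (!VALID_RETENTION_POLICIES.includes(retentionPolicy)) {
    throw createError({
      statusCode: 400,
      message: 'Invalid retention policy'
    })
  }

  // Persist the validated value.
  // NOTE(review): consider recording which admin changed this setting for audit purposes.
  setSetting('sermon_retention_policy', retentionPolicy)

  return {
    success: true,
    retentionPolicy
  }
})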