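import { unlockAccount, getUserByUsername, getDatabase } from '~/server/utils/database'
import { getSessionUsername } from '~/server/utils/auth'

/**
 * Admin-only endpoint that unlocks the user account named by the `id` route parameter.
 *
 * Checks run in order and the first failure aborts the request:
 * - 401 when the session yields no username,
 * - 403 when the caller's record is missing or its `is_admin` is not 1,
 * - 400 when `id` is not a plain unsigned decimal integer,
 * - 404 when no row in `users` has that id.
 *
 * @returns A success payload with the target's username and the lockout state
 *   that was read before `unlockAccount` was called.
 * @throws An error built by `createError` carrying one of the status codes above.
 */
export default defineEventHandler(async (event) => {
  // Authentication: the caller must have a session that resolves to a username.
  const username = await getSessionUsername(event)
  if (!username) {
    throw createError({
      statusCode: 401,
      message: 'Unauthorized'
    })
  }

  // Authorization: the admin flag is re-read from the user record on every
  // request rather than taken from the session.
  const user = getUserByUsername(username)
  if (!user || user.is_admin !== 1) {
    throw createError({
      statusCode: 403,
      message: 'Forbidden - Admin access required'
    })
  }

  // Accept only an unsigned decimal integer. parseInt on its own also accepts
  // input with trailing junk ('12abc' -> 12), so a parameter that merely starts
  // with digits would act on an account the caller did not literally name.
  // Digit strings too long to be a safe integer are rejected as well.
  const rawId = event.context.params?.id ?? ''
  const id = /^[0-9]+$/.test(rawId) ? Number.parseInt(rawId, 10) : Number.NaN
  if (!Number.isSafeInteger(id)) {
    throw createError({
      statusCode: 400,
      message: 'Invalid user ID'
    })
  }

  // Read the target's lockout state before unlocking so the response can
  // report what it was. The id is bound as a parameter, not concatenated.
  const db = getDatabase()
  const targetUser = db
    .prepare('SELECT username, failed_login_attempts, locked_until FROM users WHERE id = ?')
    .get(id) as
    | { username: string, failed_login_attempts: number, locked_until: string | null }
    | undefined

  if (!targetUser) {
    throw createError({
      statusCode: 404,
      message: 'User not found'
    })
  }

  // Unlock the account. What unlockAccount resets is defined in the database
  // utilities; the response message below states that attempts go back to 0.
  unlockAccount(id)

  // Audit trail for the privileged action.
  // NOTE(review): both usernames are interpolated unescaped. Confirm that
  // username validation forbids line breaks, otherwise a crafted name could
  // forge additional audit lines.
  console.log(`[ACCOUNT UNLOCKED] Admin ${username} unlocked account: ${targetUser.username}`)

  return {
    success: true,
    message: `Account unlocked successfully. Failed attempts reset to 0.`,
    user: {
      username: targetUser.username,
      previousAttempts: targetUser.failed_login_attempts,
      // True whenever locked_until held a non-empty value.
      // NOTE(review): presumably also true for a lock that had already
      // expired, since the timestamp is not compared with the current time.
      wasLocked: !!targetUser.locked_until
    }
  }
})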