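import { getUserByEmail, createPasswordResetCode } from '~/server/utils/database'
import { sendPasswordResetEmail, generateResetCode } from '~/server/utils/email'

// Lifetime of a reset code in milliseconds (15 minutes).
const RESET_CODE_TTL_MS = 15 * 60 * 1000

// The one response body returned on every path after input validation, so the
// reply never tells the caller whether the address belongs to an account.
const genericResponse = () => ({
  success: true,
  message: 'If an account exists with this email, a reset code has been sent.'
})

/**
 * Password-reset request handler.
 *
 * Reads `email` from the request body. If a user with that address exists,
 * generates a reset code, stores it with a 15-minute expiry and e-mails it.
 * Once the input is valid, the response body is the same whether or not the
 * account exists and whether or not the mail was delivered.
 *
 * @param event - the incoming request event passed in by defineEventHandler
 * @returns {Promise<{success: boolean, message: string}>} the generic response
 * @throws 400 error (via createError) when `email` is missing, empty or not a string
 */
export default defineEventHandler(async (event) => {
  const body = await readBody(event)

  // A request without a JSON object body must yield the 400 below, not a
  // TypeError from destructuring an absent body.
  const email = body?.email

  // Reject non-string values too: a JSON object or array is truthy and would
  // otherwise be passed to the lookup and the mailer as-is.
  if (typeof email !== 'string' || !email) {
    throw createError({
      statusCode: 400,
      message: 'Email is required',
    })
  }

  // NOTE(review): called without await, as in the original; this assumes
  // getUserByEmail is synchronous. If it returns a Promise, `user` is always
  // truthy and the unknown-account branch is never taken. Confirm.
  const user = getUserByEmail(email)
  if (!user) {
    // Unknown address: answer exactly as for a known one.
    return genericResponse()
  }

  // 6 digits per the original comment; generation lives in generateResetCode.
  // NOTE(review): confirm it draws from a CSPRNG and that the verification
  // endpoint limits attempts per code. Neither is visible from this file.
  const code = generateResetCode()
  const expiresAt = new Date(Date.now() + RESET_CODE_TTL_MS).toISOString()

  createPasswordResetCode(email, code, expiresAt)

  try {
    await sendPasswordResetEmail(email, code)
  } catch (error) {
    // Only existing accounts reach the mailer, so answering a delivery failure
    // with a 500 would disclose that the address is registered. Log the
    // failure for operators and fall through to the generic response.
    console.error('Failed to send reset email:', error)
  }

  // NOTE(review): the known-account path still awaits the mail send, so its
  // response time differs from the unknown-account path. Consider queuing the
  // send so that both paths return in comparable time.
  return genericResponse()
})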