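import { createUser, getUserByUsername } from '~/server/utils/database'
import { setAuthCookie } from '~/server/utils/auth'

/**
 * Registration endpoint: validates the submitted credentials, creates the
 * account and signs the new user in by setting the auth cookie.
 *
 * Request body: `{ username, password }`.
 * Returns `{ success: true, username }` with the lower-cased username.
 *
 * @throws 400 when a field is missing, is not a string, or fails the
 *   username-length or password-strength rules.
 * @throws 409 when the lower-cased username is already taken.
 * @throws 500 when account creation or cookie issuance fails.
 */
export default defineEventHandler(async (event) => {
  // readBody() can yield undefined for an empty request; fall back to {} so
  // the destructuring below produces a clean 400 instead of a TypeError (500).
  const body = await readBody(event)
  const { username, password } = body ?? {}

  if (!username || !password) {
    throw createError({
      statusCode: 400,
      message: 'Username and password are required'
    })
  }

  // The body is attacker-controlled JSON: numbers, arrays or objects would
  // otherwise slip past the .length / regex checks (arrays have .length and
  // RegExp#test coerces its argument) and crash later in toLowerCase().
  if (typeof username !== 'string' || typeof password !== 'string') {
    throw createError({
      statusCode: 400,
      message: 'Username and password must be strings'
    })
  }

  // Validate username format
  if (username.length < 3) {
    throw createError({
      statusCode: 400,
      message: 'Username must be at least 3 characters long'
    })
  }

  // Validate password strength
  // NOTE(review): there is no upper bound on password length; if createUser
  // hashes with a slow KDF, consider a maximum to cap per-request work.
  if (password.length < 8) {
    throw createError({
      statusCode: 400,
      message: 'Password must be at least 8 characters long'
    })
  }

  if (!/[A-Z]/.test(password)) {
    throw createError({
      statusCode: 400,
      message: 'Password must contain at least one uppercase letter'
    })
  }

  if (!/[a-z]/.test(password)) {
    throw createError({
      statusCode: 400,
      message: 'Password must contain at least one lowercase letter'
    })
  }

  if (!/[0-9!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/.test(password)) {
    throw createError({
      statusCode: 400,
      message: 'Password must contain at least one number or symbol'
    })
  }

  // Usernames are stored and compared case-insensitively; normalise once so
  // the lookup, the insert, the cookie and the response cannot disagree.
  const normalizedUsername = username.toLowerCase()

  // Check if user already exists
  // NOTE(review): this lookup and createUser() below are not atomic. Two
  // concurrent requests for the same name can both pass the check, so the
  // store should enforce uniqueness itself (confirm in the database util).
  // NOTE(review): both helpers are called without await, so they are assumed
  // to be synchronous; verify against ~/server/utils/database.
  const existingUser = getUserByUsername(normalizedUsername)
  if (existingUser) {
    throw createError({
      statusCode: 409,
      message: 'Username already exists'
    })
  }

  try {
    // Create the new user
    // NOTE(review): the plaintext password is handed to createUser();
    // presumably it is hashed there. Confirm it is never stored as-is.
    createUser(normalizedUsername, password)

    // Log them in automatically
    setAuthCookie(event, normalizedUsername)

    return {
      success: true,
      username: normalizedUsername
    }
  } catch (error) {
    // Keep the client-facing message generic, but retain the original error
    // as `cause` so it is not silently discarded on the server side.
    throw createError({
      statusCode: 500,
      message: 'Failed to create user account',
      cause: error
    })
  }
})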