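import { createUser, getUserByUsername, getUserByEmail } from '~/server/utils/database'
import { setAuthCookie } from '~/server/utils/auth'

// Longest address accepted before the format regex runs. 254 is the usual
// practical limit for an email address; bounding the input also bounds the
// backtracking the regex can do on a hostile value.
const MAX_EMAIL_LENGTH = 254

const EMAIL_PATTERN = /^[^\s@]+@[^\s@]+\.[^\s@]+$/

// Each rule pairs a predicate that must hold with the message returned when it fails.
const PASSWORD_RULES = [
  [(pw) => pw.length >= 8, 'Password must be at least 8 characters long'],
  [(pw) => /[A-Z]/.test(pw), 'Password must contain at least one uppercase letter'],
  [(pw) => /[a-z]/.test(pw), 'Password must contain at least one lowercase letter'],
  [
    (pw) => /[0-9!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/.test(pw),
    'Password must contain at least one number or symbol'
  ]
]

/**
 * Registration endpoint: validates the submitted fields, rejects duplicate
 * usernames/emails, creates the account and sets the auth cookie.
 *
 * Request body: { username, password, email, firstName, lastName } (all strings).
 *
 * @returns {{ success: true, username: string }} the lower-cased username on success
 * @throws 400 when a field is missing, not a string, or fails validation
 * @throws 409 when the username or email is already registered
 * @throws 500 when account creation fails
 *
 * NOTE(review): the distinct 409 messages let a caller learn which usernames
 * and emails are registered; pair this route with rate limiting.
 */
export default defineEventHandler(async (event) => {
  // A `null` (or missing) body would make the destructuring below throw and
  // surface as an unhandled 500 instead of a 400.
  const body = (await readBody(event)) ?? {}
  const { username, password, email, firstName, lastName } = body

  const fields = [username, password, email, firstName, lastName]
  if (fields.some((value) => !value)) {
    throw createError({
      statusCode: 400,
      message: 'All fields are required'
    })
  }

  // The body is untrusted JSON: numbers, arrays or objects pass the truthiness
  // check above but then break `.length` / `.toLowerCase()` further down.
  if (fields.some((value) => typeof value !== 'string')) {
    throw createError({
      statusCode: 400,
      message: 'All fields must be strings'
    })
  }

  // Validate email format (length first, so the regex only sees bounded input)
  if (email.length > MAX_EMAIL_LENGTH || !EMAIL_PATTERN.test(email)) {
    throw createError({
      statusCode: 400,
      message: 'Invalid email format'
    })
  }

  // Validate username format.
  // NOTE(review): only the length is checked, and the username is later handed
  // to setAuthCookie; confirm that helper is safe for arbitrary characters.
  if (username.length < 3) {
    throw createError({
      statusCode: 400,
      message: 'Username must be at least 3 characters long'
    })
  }

  // Validate password strength; the first failing rule decides the message
  for (const [isSatisfied, message] of PASSWORD_RULES) {
    if (!isSatisfied(password)) {
      throw createError({ statusCode: 400, message })
    }
  }

  // Accounts are keyed case-insensitively, so normalise once and reuse.
  const normalizedUsername = username.toLowerCase()
  const normalizedEmail = email.toLowerCase()

  // NOTE(review): these lookups and createUser are separate steps, so two
  // concurrent requests can both pass the checks; uniqueness should also be
  // enforced by the storage layer. The helpers are called without `await`,
  // which is only correct while they stay synchronous.
  if (getUserByUsername(normalizedUsername)) {
    throw createError({
      statusCode: 409,
      message: 'Username already exists'
    })
  }

  if (getUserByEmail(normalizedEmail)) {
    throw createError({
      statusCode: 409,
      message: 'Email already exists'
    })
  }

  try {
    // NOTE(review): the plaintext password is passed through here; confirm
    // createUser hashes it with a password-hashing function before storing.
    createUser(normalizedUsername, password, normalizedEmail, firstName, lastName)

    // Log them in automatically
    setAuthCookie(event, normalizedUsername)

    return {
      success: true,
      username: normalizedUsername
    }
  } catch (error) {
    // Keep the cause in the server log; the client only gets the generic message.
    console.error('Failed to create user account:', error)
    throw createError({
      statusCode: 500,
      message: 'Failed to create user account'
    })
  }
})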