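import { getUserByUsername } from '~/server/utils/database'
import { setAuthCookie } from '~/server/utils/auth'
import bcrypt from 'bcrypt'

/**
 * Login handler: checks a username/password pair against the stored bcrypt
 * hash and, on success, issues the auth cookie.
 *
 * Request body: `{ username: string, password: string }`.
 *
 * @returns {Promise<{ success: true, username: string }>} the stored username on success
 * @throws 400 when either field is missing, empty or not a string
 * @throws 401 with the same message for an unknown user and for a wrong password
 */
export default defineEventHandler(async (event) => {
  // A missing or null body must not crash the destructuring below; it should
  // fall through to the 400 like any other incomplete request.
  const { username, password } = (await readBody(event)) ?? {}

  // The body is attacker-controlled JSON, so the fields can be numbers, arrays
  // or objects. Without the type check those reach username.toLowerCase() or
  // bcrypt.compare() and surface as an unhandled 500 instead of a clean 400.
  const isNonEmptyString = (value) => typeof value === 'string' && value !== ''
  if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
    throw createError({
      statusCode: 400,
      message: 'Username and password are required'
    })
  }

  // NOTE(review): getUserByUsername is called without await, as in the original;
  // confirm it is synchronous. If it returns a promise, `user` is always truthy
  // and the unknown-user branch below never runs.
  const user = getUserByUsername(username.toLowerCase())

  // Both failure branches share one status and message so the response body
  // does not reveal whether the username exists.
  // NOTE(review): this branch returns before any bcrypt work, so response time
  // can still separate known from unknown usernames; consider comparing against
  // a fixed dummy hash here. No throttling or lockout is visible in this
  // handler; confirm it is enforced upstream.
  if (!user) {
    throw createError({
      statusCode: 401,
      message: 'Invalid credentials'
    })
  }

  // Compare the provided password with the hashed password in the database.
  // bcrypt only considers the first 72 bytes of the password.
  const passwordMatch = await bcrypt.compare(password, user.password)
  if (!passwordMatch) {
    throw createError({
      statusCode: 401,
      message: 'Invalid credentials'
    })
  }

  // Bind the session to the stored record's username rather than the
  // caller-supplied spelling, so the cookie and the response body agree.
  // NOTE(review): setAuthCookie is defined elsewhere; confirm it expects the
  // canonical username.
  setAuthCookie(event, user.username)

  return {
    success: true,
    username: user.username
  }
})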