import { getPasswordResetCode } from '~/server/utils/database'

export default defineEventHandler(async (event) => {
  const body = await readBody(event)
  const { email, code } = body

  if (!email || !code) {
    throw createError({
      statusCode: 400,
      message: 'Email and code are required',
    })
  }

  // Verify code exists and hasn't expired
  const resetCode = getPasswordResetCode(email, code)
  
  if (!resetCode) {
    throw createError({
      statusCode: 400,
      message: 'Invalid or expired reset code',
    })
  }

  return { success: true, message: 'Code verified successfully' }
})