import { getUserByUsername } from '~/server/utils/database'
import { setAuthCookie } from '~/server/utils/auth'

export default defineEventHandler(async (event) => {
  const body = await readBody(event)
  const { username, password } = body

  if (!username || !password) {
    throw createError({
      statusCode: 400,
      message: 'Username and password are required'
    })
  }

  const user = getUserByUsername(username.toLowerCase())

  if (!user || user.password !== password) {
    throw createError({
      statusCode: 401,
      message: 'Invalid credentials'
    })
  }

  setAuthCookie(event, username)

  return {
    success: true,
    username: user.username
  }
})