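import { z } from "zod";
import { authService } from "../service/auth";
import { checkRateLimit } from "../service/auth/lib/rate-limit";

/**
 * Password length bounds enforced at the API boundary. The minimum follows the usual
 * memorized-secret guidance; the maximum keeps password-hashing cost bounded for
 * attacker-controlled input. The service layer may enforce stricter rules on top.
 */
const PASSWORD_MIN_LENGTH = 8;
const PASSWORD_MAX_LENGTH = 128;

/** Request body for registration. All fields are bounded so oversized input is rejected before any work is done. */
const RegisterSchema = z.object({
  // 254 is the practical upper bound for an address (RFC 5321 path length).
  email: z.string().email().max(254),
  password: z.string().min(PASSWORD_MIN_LENGTH).max(PASSWORD_MAX_LENGTH),
  username: z.string().min(2).max(32),
});

/**
 * Derives the rate-limit key from the `X-Forwarded-For` header.
 *
 * Only the first (client) hop is used when the header carries a comma-separated chain.
 * The header is client-controlled unless a trusted reverse proxy overwrites it, so how
 * much this key can be trusted depends on the deployment's proxy configuration.
 * Requests without the header share the single "unknown" bucket instead of bypassing
 * the limiter.
 *
 * @param xff raw `X-Forwarded-For` value, if present
 * @returns the key to pass to the rate limiter
 */
function firstForwardedHop(xff: string | undefined): string {
  const first = xff?.split(",")[0]?.trim();
  return first ? first : "unknown";
}

/** Application error shape thrown by authService (e.g. `code: "EMAIL_EXISTS"`). */
type CodedError = { code: string; message?: string };

/**
 * True when `err` carries a string `code`, i.e. it is an application-level error whose
 * code and message are intended for the client. Anything else is treated as unexpected.
 */
function isCodedError(err: unknown): err is CodedError {
  return (
    typeof err === "object" &&
    err !== null &&
    typeof (err as { code?: unknown }).code === "string"
  );
}

/**
 * POST handler for user registration.
 *
 * Flow: per-IP rate limit (429 + `Retry-After`) → schema validation (400) →
 * `authService.register` (201). Application errors from the service are mapped to
 * 409 for `EMAIL_EXISTS` and 400 otherwise; errors without an application code are
 * logged server-side and answered with a generic 500 so internal details
 * (database/network messages) are not disclosed to the caller.
 */
export default defineEventHandler(async (event) => {
  const ip = firstForwardedHop(getHeader(event, "x-forwarded-for"));
  const userAgent = getHeader(event, "user-agent");

  const { allowed, retryAfterMs } = checkRateLimit(ip);
  if (!allowed) {
    setResponseStatus(event, 429);
    // Standard hint for well-behaved clients, in whole seconds.
    // NOTE(review): assumes retryAfterMs is milliseconds, per its name — confirm against rate-limit.ts.
    if (typeof retryAfterMs === "number" && Number.isFinite(retryAfterMs)) {
      setHeader(event, "Retry-After", String(Math.max(1, Math.ceil(retryAfterMs / 1000))));
    }
    return { error: { code: "RATE_LIMITED", message: "操作过于频繁,请稍后再试" } };
  }

  const body = await readBody(event);
  const parsed = RegisterSchema.safeParse(body);
  if (!parsed.success) {
    setResponseStatus(event, 400);
    return { error: { code: "BAD_REQUEST", message: "参数错误" } };
  }

  try {
    const user = await authService.register({ ...parsed.data, ip, userAgent });
    setResponseStatus(event, 201);
    return { user };
  } catch (err: unknown) {
    if (isCodedError(err)) {
      setResponseStatus(event, err.code === "EMAIL_EXISTS" ? 409 : 400);
      return { error: { code: err.code, message: err.message ?? "注册失败" } };
    }
    // No application code: this is an unexpected failure, not a client mistake.
    // Keep the raw message out of the response and record it where operators can see it.
    console.error("register: unexpected error", err);
    setResponseStatus(event, 500);
    return { error: { code: "UNKNOWN", message: "注册失败" } };
  }
});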