import { loginUser } from "#server/service/auth";
import { z } from "zod";

const loginSchema = z.object({
  username: z.string().min(1),
  password: z.string().min(1),
  captchaToken: z.string().min(1),
  captchaCode: z.string().min(1),
});

export default defineWrappedResponseHandler(async (event) => {
  const body = await readBody(event);
  const parsed = loginSchema.safeParse(body);

  if (!parsed.success) {
    return R.error("参数校验失败", parsed.error.issues);
  }

  const { username, password, captchaToken, captchaCode } = parsed.data;
  const result = await loginUser(username, password, captchaToken, captchaCode);

  if (!result.success) {
    return R.error(result.message!, null);
  }

  // Set token as httpOnly cookie
  setCookie(event, "token", result.token!, {
    httpOnly: true,
    secure: process.env.NODE_ENV === "production",
    sameSite: "lax",
    maxAge: 60 * 60 * 24 * 7,
    path: "/",
  });

  return R.success({ user: result.user });
});