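import { AuthFailedError, AuthValidationError, loginUser } from "../../service/auth";

/**
 * Declared shape of the login payload. Nothing below references it, so it
 * provides neither a compile-time nor a runtime check on the request body.
 */
type LoginBody = {
  username: string;
  password: string;
};

const SESSION_COOKIE_NAME = "pp_session";
// Session cookie lifetime: 7 days, expressed in seconds.
const SESSION_MAX_AGE_SECONDS = 7 * 24 * 60 * 60;

/**
 * Type guard: true for any non-null object carrying a numeric `statusCode`.
 *
 * This is a structural check only; it does not prove the value was produced
 * by `createError`.
 */
function hasStatusCode(err: unknown): err is { statusCode: number } {
  if (typeof err !== "object" || err === null) {
    return false;
  }
  return "statusCode" in err && typeof (err as { statusCode?: unknown }).statusCode === "number";
}

/**
 * Maps anything thrown during login to the error that is re-thrown to the client.
 *
 * - objects that already carry a numeric `statusCode` are returned unchanged
 * - `AuthValidationError` becomes 400 with the error's own message
 * - `AuthFailedError` becomes 401 with the error's own message
 * - everything else becomes a generic 500, and the original error is logged
 *   server-side because the client-facing error no longer contains it
 *
 * @param err - the caught value, of unknown type
 * @returns the error object to throw from the handler
 */
function toPublicError(err: unknown) {
  // NOTE(review): this passes through *any* thrown object with a numeric
  // statusCode, including its message/data, not only errors built by this
  // route. If lower layers (HTTP clients, drivers) can throw such objects,
  // their details reach the caller unfiltered; confirm that is intended.
  if (hasStatusCode(err)) {
    return err;
  }

  if (err instanceof AuthValidationError) {
    return createError({
      statusCode: 400,
      statusMessage: err.message,
    });
  }

  if (err instanceof AuthFailedError) {
    // NOTE(review): the service's message is forwarded verbatim. If loginUser
    // words "unknown user" differently from "wrong password", the response
    // lets a caller tell valid usernames apart; verify the message is uniform.
    return createError({
      statusCode: 401,
      statusMessage: err.message,
    });
  }

  // Unexpected failure: the client only gets a generic message, so record the
  // real cause here; otherwise it is lost once the sanitized error is thrown.
  // NOTE(review): assumes errors from loginUser never embed the submitted
  // password; confirm before shipping these logs to shared storage.
  console.error("login: unexpected error", err);

  // NOTE(review): statusMessage holds non-ASCII text; confirm the framework
  // delivers it to clients intact.
  return createError({
    statusCode: 500,
    statusMessage: "服务器繁忙,请稍后重试",
  });
}

/**
 * Login endpoint: reads the request body, delegates to `loginUser`, sets the
 * session cookie from the returned `sessionId`, and responds with the user.
 * Any failure is converted by `toPublicError` before being re-thrown.
 */
export default defineWrappedResponseHandler(async (event) => {
  try {
    // The body is untrusted and is handed to loginUser as-is; no shape check
    // happens in this file. Presumably loginUser validates it (it can raise
    // AuthValidationError); verify against the service.
    const body = await readBody(event);
    const result = await loginUser(body);

    setCookie(event, SESSION_COOKIE_NAME, result.sessionId, {
      // Not readable from page scripts.
      httpOnly: true,
      // Sent on top-level navigations, withheld on cross-site subrequests.
      sameSite: "lax",
      // Secure is set only when NODE_ENV is exactly "production"; any other
      // deployment (e.g. staging) issues the session cookie without it.
      secure: process.env.NODE_ENV === "production",
      path: "/",
      maxAge: SESSION_MAX_AGE_SECONDS,
    });

    return R.success({
      user: result.user,
    });
  } catch (err) {
    throw toPublicError(err);
  }
});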