import { getRequestIP } from "h3";
import { registerUser } from "#server/service/auth";
import { toPublicAuthError } from "#server/service/auth/errors";
import { captchaConsume } from "#server/service/captcha/store";
import { assertLoginRegisterCaptchaFieldsPresent } from "#server/service/captcha/validate-body";
import { assertUnderRateLimit } from "#server/utils/simple-rate-limit";

export default defineWrappedResponseHandler(async (event) => {
    const ip = getRequestIP(event, { xForwardedFor: true }) ?? "unknown";
    assertUnderRateLimit(`auth-register:${ip}`, 20, 60_000);

    const body = await readBody(event);
    assertLoginRegisterCaptchaFieldsPresent(body);
    if (!captchaConsume(body.captchaId, body.captchaAnswer)) {
        throw createError({
            statusCode: 400,
            statusMessage: "验证码错误或已过期，请重试",
        });
    }

    const allowRegister = await event.context.config.getGlobal("allowRegister");
    if (!allowRegister) {
        throw createError({
            statusCode: 403,
            statusMessage: "当前已关闭注册",
        });
    }

    try {
        const user = await registerUser({
            username: body.username,
            password: body.password,
        });
        return R.success({
            user,
        });
    } catch (err) {
        throw toPublicAuthError(err);
    }
});