import { error, redirect } from '@sveltejs/kit';
import bcrypt from 'bcryptjs';
import type { Actions } from './$types';
import { addYears } from 'date-fns';
import { collections } from '$lib/server/db';

export const actions: Actions = {
	default: async (event) => {
		const data = await event.request.formData();

		if (!data || !data.get('email') || !data.get('password')) {
			throw error(400, 'Pas de login renseigné');
		}

		const email = data.get('email')!.toString().trim();

		const user = await collections.users.findOne(
			{ email },
			{ collation: { locale: 'en', strength: 1 } }
		);

		if (!user) {
			throw error(404, "Utilisateur non trouvé pour l'email: " + email);
		}

		const password = data.get('password')!.toString().trim();

		if (!(await bcrypt.compare(password as string, user.hash))) {
			throw error(401, 'Mauvais mot de passe');
		}

		let token = user.token;

		if (!token) {
			token = crypto.randomUUID();
			await collections.users.updateOne({ _id: user._id }, { $set: { token } });
		}

		event.cookies.set('bergereToken', token, {
			path: '/',
			sameSite: 'lax',
			secure: true,
			httpOnly: true,
			expires: addYears(new Date(), 3)
		});

		if (event.url.searchParams.get('suivant')) {
			throw redirect(303, event.url.searchParams.get('suivant')!);
		}

		return { success: true };
	}
};