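import { dev } from '$app/environment';
import { fail, redirect, type Cookies, type RequestEvent } from '@sveltejs/kit';
import { authenticate } from '$lib/auth';
import { ROUTE_NAMES } from '../../routes';

/** Name of the cookie that carries the session token issued at login. */
const COOKIE_NAME = 'session';

/**
 * Handles a login form submission.
 *
 * Reads `user` and `password` from the posted form data, hands them to
 * `authenticate`, and on success stores the returned token in the session
 * cookie before redirecting to the root route.
 *
 * @param request - Incoming request whose form data carries the credentials.
 * @param cookies - Cookie jar the session cookie is written to.
 * @returns The `fail(400, …)` result when the credentials are rejected or
 *   malformed; otherwise the result of `redirect(303, ROUTE_NAMES.ROOT)`.
 */
export const loginUser = async ({ request, cookies }: { request: Request; cookies: Cookies }) => {
  const data = await request.formData();
  const user = data.get('user');
  const password = data.get('password');

  // FormData.get() yields a string, a File, or null. Only strings are valid
  // credentials, so anything else is rejected before it reaches authenticate()
  // and a File is never echoed back in the failure payload.
  const credentialsAreStrings = typeof user === 'string' && typeof password === 'string';
  const echoedUser = typeof user === 'string' ? user : null;

  // NOTE(review): authenticate()'s contract is not visible in this file; the
  // falsy check below assumes it returns the token synchronously — confirm.
  const token = credentialsAreStrings ? authenticate(user, password) : null;

  if (!token) {
    // Same response for every rejection reason; the password is never returned.
    return fail(400, { user: echoedUser, incorrect: true, message: "Ungültige Zugangsdaten" });
  }

  // httpOnly keeps the token out of reach of page scripts, sameSite 'strict'
  // withholds it on cross-site requests, and `secure` is dropped only in dev.
  cookies.set(COOKIE_NAME, token, {
    path: ROUTE_NAMES.ROOT,
    httpOnly: true,
    sameSite: 'strict',
    secure: !dev
  });

  return redirect(303, ROUTE_NAMES.ROOT);
};

/**
 * Logs the current user out.
 *
 * Deletes the session cookie (using the same path it was set with), clears
 * `event.locals.user`, and redirects to the root route.
 *
 * @param event - Request event providing `cookies` and `locals`.
 * @returns The result of `redirect(303, ROUTE_NAMES.ROOT)`.
 */
export const logoutUser = async (event: RequestEvent) => {
  // NOTE(review): only client-side state is cleared here; whether the token is
  // also invalidated on the server is not visible in this file — confirm.
  event.cookies.delete(COOKIE_NAME, { path: ROUTE_NAMES.ROOT });
  event.locals.user = null;

  return redirect(303, ROUTE_NAMES.ROOT);
};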