import { dev } from '$app/environment';
import { loginUser, logoutUser } from '$lib/server/authService';
import { fail, redirect } from '@sveltejs/kit';
import { ROUTE_NAMES } from '../index.js';

export const actions = {
	login: ({ request, cookies }) => loginUser({ request, cookies }),
	logout: (event) => logoutUser(event),
	getVorgangByToken: async ({ request, cookies }) => {
		const data = await request.formData();
		const vorgangToken = data.get('vorgang-token');
		const vorgangPIN = data.get('vorgang-pin') as string;

		if (!vorgangToken || !vorgangPIN) {
			return fail(400, { message: 'Token oder PIN fehlen' });
		}

		const COOKIE_NAME = `token-${vorgangToken}`;
		cookies.set(COOKIE_NAME, vorgangPIN, {
			path: '/',
			httpOnly: true,
			sameSite: 'strict',
			secure: !dev
		});

		throw redirect(303, ROUTE_NAMES.VORGANG(vorgangToken));
	}
} as const;