import { dev } from '$app/environment';
import { error, fail, redirect } from '@sveltejs/kit';
import { ROUTE_NAMES } from '../index.js';
import { vorgangPINValidation } from '$lib/server/vorgangService.js';

export const actions = {
	default: async ({ request, cookies }) => {
		const data = await request.formData();
		const vorgangToken = data.get('vorgang-token');
		const vorgangPIN = data.get('vorgang-pin') as string;

		if (!vorgangPIN) {
			return fail(400, { message: 'Bitte einen PIN eingeben.'});
		}

		if (!vorgangPINValidation(vorgangToken, vorgangPIN)) {
			return fail(400, { message: 'Falsche Zugangsdaten.'});
		}

		const COOKIE_NAME = `token-${vorgangToken}`;
		cookies.set(COOKIE_NAME, vorgangPIN, {
			path: '/',
			httpOnly: true,
			sameSite: 'strict',
			secure: !dev
		});

		throw redirect(303, ROUTE_NAMES.VORGANG(vorgangToken));
	}
} as const;

export const load: PageServerLoad = async ({ url }) => {
	const vorgang = url.searchParams.get('vorgang');
	if (!vorgang) error(404, "Not Found");
};