import { dev } from '$app/environment';
import { fail, redirect, type Cookies } from '@sveltejs/kit';
import { authenticate } from '$lib/auth';
import type { RequestEvent } from '../(angemeldet)/$types';

const COOKIE_NAME = 'session';

/** @type {import('./$types').Actions} */
export const actions = {
	login: async ({ request, cookies }: {request: Request, cookies: Cookies}) => {
		const data = await request.formData();
		const user = data.get('user');
		const password = data.get('password');

		const token = authenticate(user, password);

		if (!token) return fail(400, { user, incorrect: true });

		cookies.set(COOKIE_NAME, token, {
			path: '/',
			httpOnly: true,
			sameSite: 'strict',
			secure: !dev
		});
		throw redirect(303, '/');
	},
	logout: async (event: RequestEvent) => {
		event.cookies.delete(COOKIE_NAME, {path: '/'});
		event.locals.user = null;
		return { success: true };
	}
};