import { verifyToken, getUserById } from '../utils/auth.js'
import { saveMember } from '../utils/members.js'

export default defineEventHandler(async (event) => {
  try {
    const token = getCookie(event, 'auth_token')

    if (!token) {
      throw createError({
        statusCode: 401,
        message: 'Nicht authentifiziert.'
      })
    }

    const decoded = verifyToken(token)

    if (!decoded) {
      throw createError({
        statusCode: 401,
        message: 'Ungültiges Token.'
      })
    }

    const user = await getUserById(decoded.id)

    // Only admin and vorstand can edit members
    if (!user || (user.role !== 'admin' && user.role !== 'vorstand')) {
      throw createError({
        statusCode: 403,
        message: 'Keine Berechtigung zum Bearbeiten von Mitgliedern.'
      })
    }

    const body = await readBody(event)
    const { id, firstName, lastName, email, phone, address, notes } = body

    if (!firstName || !lastName) {
      throw createError({
        statusCode: 400,
        message: 'Vorname und Nachname sind erforderlich.'
      })
    }

    await saveMember({
      id: id || undefined,
      firstName,
      lastName,
      email: email || '',
      phone: phone || '',
      address: address || '',
      notes: notes || ''
    })

    return {
      success: true,
      message: 'Mitglied erfolgreich gespeichert.'
    }
  } catch (error) {
    console.error('Fehler beim Speichern des Mitglieds:', error)
    throw error
  }
})