import { verifyToken, getUserFromToken } from '../../utils/auth.js'
import { notificationSettingsForUser } from '../../utils/notification-settings.js'

function tokenFromEvent(event) {
  return getCookie(event, 'auth_token') || getHeader(event, 'authorization')?.replace(/^Bearer\s+/i, '')
}

async function requireAuthenticatedUser(event) {
  const token = tokenFromEvent(event)
  if (!token) throw createError({ statusCode: 401, message: 'Nicht authentifiziert.' })
  const decoded = verifyToken(token)
  if (!decoded) throw createError({ statusCode: 401, message: 'Ungültiges Token.' })
  const user = await getUserFromToken(token)
  if (!user) throw createError({ statusCode: 401, message: 'Ungültige Sitzung.' })
  return { token, decoded, user }
}

export default defineEventHandler(async (event) => {
  const { user } = await requireAuthenticatedUser(event)
  return {
    success: true,
    settings: notificationSettingsForUser(user)
  }
})