import { verifyToken, getUserById, migrateUserRoles } from '../utils/auth.js'

export default defineEventHandler(async (event) => {
  try {
    const token = getCookie(event, 'auth_token')

    if (!token) {
      throw createError({
        statusCode: 401,
        message: 'Nicht authentifiziert.'
      })
    }

    const decoded = verifyToken(token)

    if (!decoded) {
      throw createError({
        statusCode: 401,
        message: 'Ungültiges Token.'
      })
    }

    const user = await getUserById(decoded.id)

    if (!user || user.active === false) {
      throw createError({
        statusCode: 403,
        message: 'Benutzer nicht gefunden oder inaktiv.'
      })
    }

    const migratedUser = migrateUserRoles({ ...user })
    const roles = Array.isArray(migratedUser.roles) ? migratedUser.roles : (migratedUser.role ? [migratedUser.role] : ['mitglied'])

    // Return user data (without password)
    return {
      success: true,
      user: {
        id: user.id,
        email: user.email,
        name: user.name,
        phone: user.phone || '',
        roles: roles,
        role: roles[0] || 'mitglied' // Rückwärtskompatibilität
      }
    }
  } catch (error) {
    console.error('Profil-Abruf-Fehler:', error)
    throw error
  }
})