import { verifyToken, getUserFromToken, readUsers, writeUsers } from '../../utils/auth.js'
import { sanitizeNotificationSettings } from '../../utils/notification-settings.js'

function tokenFromEvent(event) {
  return getCookie(event, 'auth_token') || getHeader(event, 'authorization')?.replace(/^Bearer\s+/i, '')
}

async function requireAuthenticatedUser(event) {
  const token = tokenFromEvent(event)
  if (!token) throw createError({ statusCode: 401, message: 'Nicht authentifiziert.' })
  const decoded = verifyToken(token)
  if (!decoded) throw createError({ statusCode: 401, message: 'Ungültiges Token.' })
  const user = await getUserFromToken(token)
  if (!user) throw createError({ statusCode: 401, message: 'Ungültige Sitzung.' })
  return { token, decoded, user }
}

export default defineEventHandler(async (event) => {
  const { decoded } = await requireAuthenticatedUser(event)
  const body = await readBody(event)
  const settings = sanitizeNotificationSettings(body?.settings || body || {})
  const users = await readUsers()
  const userIndex = users.findIndex(user => user.id === decoded.id)
  if (userIndex === -1) {
    throw createError({ statusCode: 404, message: 'Benutzer nicht gefunden.' })
  }
  users[userIndex].notificationSettings = settings
  await writeUsers(users)
  return {
    success: true,
    message: 'Benachrichtigungseinstellungen gespeichert.',
    settings
  }
})