import { verifyToken, getUserFromToken, readUsers, writeUsers } from '../../utils/auth.js'
import { upsertPushToken } from '../../utils/push-notifications.js'

function tokenFromEvent(event) {
  return getCookie(event, 'auth_token') || getHeader(event, 'authorization')?.replace(/^Bearer\s+/i, '')
}

export default defineEventHandler(async (event) => {
  const token = tokenFromEvent(event)
  if (!token) throw createError({ statusCode: 401, message: 'Nicht authentifiziert.' })
  const decoded = verifyToken(token)
  if (!decoded) throw createError({ statusCode: 401, message: 'Ungültiges Token.' })
  const sessionUser = await getUserFromToken(token)
  if (!sessionUser) throw createError({ statusCode: 401, message: 'Ungültige Sitzung.' })
  const body = await readBody(event)
  if (!body?.token || typeof body.token !== 'string') {
    throw createError({ statusCode: 400, message: 'Push-Token fehlt.' })
  }
  const users = await readUsers()
  const userIndex = users.findIndex(user => user.id === decoded.id)
  if (userIndex === -1) throw createError({ statusCode: 404, message: 'Benutzer nicht gefunden.' })
  upsertPushToken(users[userIndex], {
    token: body.token,
    platform: body.platform || 'android',
    appVersion: body.appVersion || null
  })
  await writeUsers(users)
  return { success: true, message: 'Push-Token gespeichert.' }
})