import { getDb } from '../../utils/db.js'
import { requireAuth } from '../../utils/authHelpers.js'
import { hashPassword } from '../../utils/password.js'

/**
 * Stores a new password hash in `users.cot_password_hash` for the caller.
 *
 * Flow, as visible in this file:
 *  1. `requireAuth(event)` supplies the current user; only its `id` is used.
 *     (Presumably it rejects unauthenticated requests; confirm in authHelpers.)
 *  2. The request body is read; a body that fails to parse is treated as `{}`.
 *  3. `password` must be a non-empty string, otherwise 400.
 *  4. The user row is looked up by the session user's id, otherwise 404.
 *  5. The password is hashed and written with a parameterized UPDATE.
 *
 * @param {object} event - request event passed in by `defineEventHandler`
 * @returns {Promise<{ ok: true }>} resolved once the hash has been written
 * @throws 400 'Password is required' when `password` is missing, not a string, or empty
 * @throws 404 'User not found' when no `users` row matches the session user id
 */
export default defineEventHandler(async (event) => {
  const sessionUser = requireAuth(event)

  // A malformed or unreadable body falls through to the 400 below instead of
  // surfacing the parser error to the client.
  const payload = await readBody(event).catch(() => {
    return {}
  })
  const candidate = payload?.password

  // NOTE(review): only presence is checked here. No upper length bound or
  // strength policy is visible; confirm that hashPassword or a request-size
  // limit caps the input, since password hashing cost can scale with length.
  const isUsable = typeof candidate === 'string' && candidate.length >= 1
  if (!isUsable) {
    throw createError({ statusCode: 400, message: 'Password is required' })
  }

  const { get: fetchRow, run: execute } = await getDb()

  // Values are bound through `?` placeholders, never concatenated into SQL.
  // `auth_provider` is selected but not read anywhere in this handler.
  const lookupSql = 'SELECT id, auth_provider FROM users WHERE id = ?'
  const existing = await fetchRow(lookupSql, [sessionUser.id])
  if (!existing) {
    throw createError({ statusCode: 404, message: 'User not found' })
  }

  // NOTE(review): the result is used without `await`; if hashPassword is
  // async, a Promise would be bound to the UPDATE instead of the hash string.
  // Confirm the helper is synchronous.
  // NOTE(review): no current-credential check is visible here, so a valid
  // session alone is enough to replace cot_password_hash. Confirm that is the
  // intended trust model for this credential.
  const digest = hashPassword(candidate)
  const updateSql = 'UPDATE users SET cot_password_hash = ? WHERE id = ?'
  await execute(updateSql, [digest, sessionUser.id])

  return { ok: true }
})