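import type { APIRoute } from "astro";
import { db } from "../../../../db";
import { apiTokens } from "../../../../db/schema";
import { generateApiToken, hashToken } from "../../../../lib/api-auth";

/**
 * Build a JSON response with the given status.
 *
 * `Cache-Control: no-store` is set on every reply so that the 201 body,
 * which carries the raw token, is not retained by browsers or intermediaries.
 */
function jsonResponse(payload: unknown, status: number): Response {
  return new Response(JSON.stringify(payload), {
    status,
    headers: {
      "Content-Type": "application/json",
      "Cache-Control": "no-store",
    },
  });
}

/**
 * Read the token label from a JSON or form-encoded request body.
 *
 * @returns the trimmed name, or `undefined` when the body cannot be parsed,
 *   `name` is absent, is not a string (e.g. a JSON object/number or an
 *   uploaded file), or is blank.
 */
async function readTokenName(request: Request): Promise<string | undefined> {
  let candidate: unknown;
  try {
    if (request.headers.get("content-type")?.includes("application/json")) {
      const body: unknown = await request.json();
      // JSON.parse may yield null or a primitive; only look up `name` on objects.
      if (typeof body === "object" && body !== null) {
        candidate = (body as { name?: unknown }).name;
      }
    } else {
      candidate = (await request.formData()).get("name");
    }
  } catch {
    // A malformed or unparseable body is a client error, not a server fault.
    return undefined;
  }

  if (typeof candidate !== "string") {
    return undefined;
  }
  const trimmed = candidate.trim();
  // NOTE(review): no maximum length is enforced here; confirm the schema
  // column bounds the label.
  return trimmed.length > 0 ? trimmed : undefined;
}

/**
 * POST handler: create an API token for the authenticated user.
 *
 * Responds 401 when `locals.user` is not set, 400 when no usable `name` is
 * supplied, and 201 with the inserted row on success. The raw token appears
 * only in the 201 response; the value written to the database is the output
 * of `hashToken`.
 *
 * NOTE(review): form-encoded bodies are accepted, so if `locals.user` comes
 * from a cookie session this route relies on an origin/CSRF check applied
 * elsewhere; confirm that one is in place.
 */
export const POST: APIRoute = async ({ request, locals }) => {
  const user = locals.user;
  if (!user) {
    return jsonResponse({ error: "Unauthorized" }, 401);
  }

  const name = await readTokenName(request);
  if (!name) {
    return jsonResponse({ error: "Name is required" }, 400);
  }

  // Persist only the hash; the raw value is never stored by this handler.
  const rawToken = generateApiToken();
  const hashedToken = hashToken(rawToken);

  const [newToken] = await db
    .insert(apiTokens)
    .values({ userId: user.id, name, token: hashedToken })
    .returning();

  // Swap the stored hash for the raw token so the caller can record it.
  // NOTE(review): the spread returns every column of the inserted row;
  // confirm the row holds nothing else that should stay server-side.
  return jsonResponse({ ...newToken, token: rawToken }, 201);
};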