import type { APIRoute } from "astro";
import { db } from "../../../../../db";
import { passkeys } from "../../../../../db/schema";
import { eq, and } from "drizzle-orm";

export const DELETE: APIRoute = async ({ request, locals }) => {
  const user = locals.user;

  if (!user) {
    return new Response(JSON.stringify({ error: "Unauthorized" }), {
      status: 401,
    });
  }

  const url = new URL(request.url);
  const id = url.searchParams.get("id");

  if (!id) {
    return new Response(JSON.stringify({ error: "Passkey ID is required" }), {
      status: 400,
    });
  }

  try {
    await db
      .delete(passkeys)
      .where(and(eq(passkeys.id, id), eq(passkeys.userId, user.id)));

    return new Response(JSON.stringify({ success: true }));
  } catch (error) {
    return new Response(JSON.stringify({ error: "Failed to delete passkey" }), {
      status: 500,
    });
  }
};