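import { createError, eventHandler, readBody, sendRedirect } from 'h3';
import jwt from 'jsonwebtoken';

// SECURITY: hard-coded signing secret. Anyone who can read this source can
// mint valid auth and refresh tokens. Load the value from deployment
// configuration or a secret store, and keep it identical to whatever the
// token-issuing handler uses. It is left as a literal here so that tokens
// already in circulation keep verifying.
const SECRET = 'SECRETTUEITKEY'

interface User {
  username: string;
  id: string;
}

interface JwtPayload extends User {
  // The handler historically read the identifier from `userId`; tokens it
  // signs itself carry `id`. Both are accepted below.
  // NOTE(review): confirm which claim the issuing handler actually sets.
  userId?: string;
  exp: number;
}

/** Builds the 403 raised for any refresh token that fails verification. */
function unverifiable() {
  return createError({
    statusCode: 403,
    statusMessage: 'Unauthorized, refreshToken can`t be verified',
  });
}

/**
 * Refresh endpoint: exchanges a valid refresh token for a new auth token
 * (5 minutes) and a new refresh token (7 days).
 *
 * Expects a request body of the form `{ refreshToken: string }`.
 *
 * @returns `{ token: { authToken, refreshToken } }`
 * @throws 403 when the body carries no refresh token, or when the token is
 *   malformed, expired, wrongly signed, or lacks the identity claims.
 *
 * NOTE(review): auth and refresh tokens are signed with the same secret and
 * the same payload shape, so this handler cannot tell them apart and will
 * accept an auth token as a refresh token. A token-type claim checked here
 * would close that, but the issuing handler (not visible from this file)
 * would have to set it as well. The presented refresh token is also not
 * invalidated after use, so it stays usable until its own expiry.
 */
export default eventHandler(async (event) => {
  // The generic is only a compile-time claim; the body is client-controlled
  // and may be absent or of a different shape.
  const body = await readBody<{ refreshToken: string }>(event);
  const presentedToken: unknown = body?.refreshToken;

  if (typeof presentedToken !== 'string' || presentedToken.length === 0) {
    throw createError({
      statusCode: 403,
      statusMessage: 'Unauthorized, no refreshToken in payload',
    });
  }

  // jwt.verify throws on a bad signature, malformed input or expiry instead
  // of returning a falsy value, so failures must be caught to become a 403
  // rather than surfacing as an unhandled error.
  let decoded: JwtPayload;
  try {
    const verified = jwt.verify(presentedToken, SECRET);
    if (typeof verified === 'string') {
      // A bare-string payload carries no user claims.
      throw unverifiable();
    }
    decoded = verified as JwtPayload;
  } catch {
    throw unverifiable();
  }

  // Prefer `userId` (what the original code read) and fall back to `id`,
  // which is what this handler writes into the tokens it issues. Without the
  // fallback, a token refreshed once would lose its identifier on the next
  // refresh.
  const id = decoded.userId ?? decoded.id;
  if (decoded.username == null || id == null) {
    throw unverifiable();
  }

  // Copy only the identity claims; `exp`/`iat` from the old token must not
  // be carried into the new ones.
  const user: User = {
    username: decoded.username,
    id,
  };

  const authToken = jwt.sign(user, SECRET, { expiresIn: 60 * 5 }); // expires in 5 min
  const refreshToken = jwt.sign(user, SECRET, { expiresIn: 60 * 60 * 24 * 7 }); // expires in 7 days

  return {
    token: {
      authToken,
      refreshToken,
    },
  };
})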