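import { createHash, timingSafeEqual } from "node:crypto";

import { signToken } from "../../middleware/adminAuth";

/** Lifetime of the admin session cookie, in seconds (24 hours). */
const SESSION_MAX_AGE_SECONDS = 60 * 60 * 24;

/**
 * Compares a submitted password with the configured one without
 * short-circuiting on the first differing character.
 *
 * Both values are hashed with SHA-256 first so the buffers handed to
 * `timingSafeEqual` always have the same length; the comparison time then
 * does not depend on the length of either input or on where they differ.
 *
 * @param supplied - Value taken from the request body (untrusted, any JSON type).
 * @param expected - Value read from runtime config.
 * @returns `true` only when both are non-empty strings with identical content.
 */
function passwordMatches(supplied: unknown, expected: unknown): boolean {
  // readBody's generic is a compile-time hint only; the JSON body can carry
  // any type, so check at runtime before hashing.
  if (typeof supplied !== "string" || typeof expected !== "string") {
    return false;
  }
  if (supplied.length === 0 || expected.length === 0) {
    return false;
  }
  const suppliedDigest = createHash("sha256").update(supplied, "utf8").digest();
  const expectedDigest = createHash("sha256").update(expected, "utf8").digest();
  return timingSafeEqual(suppliedDigest, expectedDigest);
}

/**
 * Admin login endpoint.
 *
 * Reads `{ password }` from the request body, checks it against the
 * `adminPassword` runtime-config value and, on success, sets the
 * `admin-session` cookie to `<payload>.<signature>`.
 *
 * @returns `{ ok: true }` when the password is accepted.
 * @throws 500 "Admin password not configured" when no password is configured.
 * @throws 401 "Invalid password" when the password is missing or wrong.
 */
export default defineEventHandler(async (event) => {
  const body = await readBody<{ password?: string }>(event);
  const adminPassword = useRuntimeConfig().adminPassword;

  // Fail closed: with no configured password nobody can log in.
  if (!adminPassword) {
    throw createError({
      statusCode: 500,
      statusMessage: "Admin password not configured",
    });
  }

  // Missing and wrong passwords get the same response.
  // NOTE(review): no attempt throttling or lockout is visible in this
  // handler; confirm it is enforced elsewhere (proxy, middleware).
  if (!passwordMatches(body?.password, adminPassword)) {
    throw createError({ statusCode: 401, statusMessage: "Invalid password" });
  }

  // The payload is the issue time (ms since epoch, base 36).
  // NOTE(review): the cookie's maxAge is only a browser-side hint; confirm
  // that the verifier in middleware/adminAuth rejects payloads older than
  // the session lifetime, otherwise a captured token never expires.
  const payload = Date.now().toString(36);
  const signature = signToken(payload);
  const token = `${payload}.${signature}`;

  setCookie(event, "admin-session", token, {
    httpOnly: true, // not readable from page scripts
    // Secure is dropped outside production so the cookie works over plain
    // http during local development.
    secure: process.env.NODE_ENV === "production",
    sameSite: "strict", // not sent on cross-site requests
    maxAge: SESSION_MAX_AGE_SECONDS,
    path: "/",
  });

  return { ok: true };
});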