import { requireUser } from "../../utils/auth";
import { getActiveCooldown, cancelCooldown } from "../../db/cooldown";

/**
 * POST /api/cooldown/cancel
 * User changes their mind: cancels the cooldown request.
 * The DNS protection REMAINS active — this only removes the pending cooldown
 * so they would need to start a new 24h wait if they decide to disable again.
 */
export default defineEventHandler(async (event) => {
  const user = await requireUser(event);

  const cooldown = await getActiveCooldown(user.id);
  if (!cooldown) {
    throw createError({
      statusCode: 404,
      data: { error: "no_active_cooldown" },
    });
  }

  await cancelCooldown(cooldown.id);

  return { success: true, data: { cancelled: true } };
});