import { randomBytes } from "crypto";

/**
 * POST /api/magic/pair/redeem
 *
 * KEIN auth required — Mac-App hat noch keinen Token.
 * Body: { code: "482913", label?: "MacBook Pro" }
 *
 * Tauscht einen 6-stelligen Pairing-Code (single-use, 10min TTL) gegen einen
 * MagicSession-Token ("mgc_<48 char>"). Token wird in Mac-Keychain gespeichert
 * und ersetzt Supabase-JWT für alle /api/magic/* Endpoints.
 */
export default defineEventHandler(async (event) => {
  const body = await readBody(event);
  const { code, label } = body as { code?: string; label?: string };

  if (!code || !/^\d{6}$/.test(code)) {
    throw createError({
      statusCode: 400,
      message: "code muss 6 Ziffern enthalten",
    });
  }

  const db = usePrisma();
  const pairingCode = await db.magicPairingCode.findUnique({
    where: { code },
    select: {
      id: true,
      userId: true,
      expiresAt: true,
      redeemedAt: true,
    },
  });

  if (!pairingCode) {
    throw createError({ statusCode: 404, message: "Code ungültig" });
  }

  if (pairingCode.redeemedAt !== null) {
    throw createError({ statusCode: 410, message: "Code bereits verwendet" });
  }

  if (pairingCode.expiresAt < new Date()) {
    throw createError({ statusCode: 410, message: "Code abgelaufen" });
  }

  // Generiere Session-Token
  const token = "mgc_" + randomBytes(36).toString("base64url");

  const session = await db.magicSession.create({
    data: {
      userId: pairingCode.userId,
      token,
      label: label?.trim() || null,
    },
    select: { id: true, createdAt: true },
  });

  // Code als redeemed markieren (single-use)
  await db.magicPairingCode.update({
    where: { id: pairingCode.id },
    data: {
      redeemedAt: new Date(),
      sessionId: session.id,
    },
  });

  return {
    success: true,
    data: {
      token,
      sessionId: session.id,
      createdAt: session.createdAt.toISOString(),
    },
  };
});