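import {compare} from 'bcrypt';
import {initDb} from '$lib/db/db.js';
import {randomBytes} from 'crypto';
import { serialize } from 'cookie';

// Shared database handle, opened once when this module is first loaded.
const db = await initDb();

/**
 * Login endpoint. Reads `username` and `password` from the posted form,
 * checks the password against the bcrypt hash stored in the `auth` table
 * and, on success, replaces the user's row in the `token` table with a fresh
 * random session token that is also set as the `token` cookie.
 *
 * The response body is one of three plain-text markers, all sent with the
 * default status because no status is passed to `Response`:
 *   - 'loggedin'  — credentials accepted, cookie set
 *   - 'nouser'    — no `auth` row for the submitted username
 *   - 'wrongpass' — a row exists but the password did not match
 *
 * NOTE(security): 'nouser' and 'wrongpass' let any caller tell whether an
 * account exists, and the 'nouser' path also returns without running bcrypt,
 * so the two cases differ in response time as well. Merging them into one
 * generic failure needs a matching change in whatever consumes these markers,
 * so it is flagged here rather than changed.
 *
 * NOTE(security): no attempt limiting or lockout is visible in this handler;
 * confirm it is enforced elsewhere (hook, proxy, or gateway).
 *
 * @type {import('./$types').RequestHandler}
 */
export async function POST(event) {
  const data = await event.request.formData();
  const user = data.get('username');
  const password = data.get('password');

  // FormData.get() yields null for an absent field and a File for an upload
  // part. Neither can name an account, so answer as for an unknown user
  // without passing a non-string value to the database driver.
  if (typeof user !== 'string') {
    return new Response('nouser');
  }

  // Parameterised query: the username is bound, never spliced into the SQL.
  const rows = await db.all('SELECT * from auth WHERE user = ?', [user]);
  if (!rows || rows.length === 0) {
    return new Response('nouser');
  }

  // bcrypt's compare() rejects when the candidate is not a string, which used
  // to surface as an unhandled error (HTTP 500) for a request that simply
  // omitted `password`. Treat that case as a failed password check instead.
  const isPass =
    typeof password === 'string' && (await compare(password, rows[0].password));
  if (!isPass) {
    return new Response('wrongpass');
  }

  // 64 bytes from the OS CSPRNG, hex-encoded.
  const token = randomBytes(64).toString('hex');

  // One active session per user: drop any previous token, then store the new one.
  // NOTE(review): the two statements are not atomic — if the INSERT fails the
  // old session is already gone. The token is also stored as-is, so anyone who
  // can read this table holds usable session tokens; storing only a digest
  // would need a matching change in the code that validates the cookie.
  // NOTE(review): nothing written here records an expiry, so the 7-day cookie
  // lifetime below is client-side only unless tokens are expired elsewhere.
  await db.run('DELETE FROM token WHERE user = ?', user);
  await db.run('INSERT INTO token (user,token) VALUES (?,?)', user, token);

  event.cookies.set('token', token, {
    path: '/',
    httpOnly: true, // not readable from page scripts
    sameSite: 'strict', // not sent on cross-site requests
    secure: true, // HTTPS only
    maxAge: 60 * 60 * 24 * 7, // seven days, in seconds
  });

  return new Response('loggedin');
}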