import crypto from 'crypto'

export default defineEventHandler(async (event) => {
  const { password } = await readBody(event)
  
  if (!password) {
    throw createError({
      statusCode: 400,
      statusMessage: 'Password is required'
    })
  }
  
  const correctPassword = process.env.APP_PASSWORD
  
  if (password !== correctPassword) {
    throw createError({
      statusCode: 401,
      statusMessage: 'Invalid password'
    })
  }
  
  const sessionToken = crypto.randomBytes(32).toString('hex')
  
  setCookie(event, 'auth-token', sessionToken, {
    httpOnly: true,
    secure: process.env.NODE_ENV === 'production',
    sameSite: 'lax',
    maxAge: 60 * 60 * 24 * 7 // 7 days
  })
  
  await useStorage('memory').setItem(`session:${sessionToken}`, {
    authenticated: true,
    createdAt: new Date().toISOString(),
    expiresAt: new Date(Date.now() + (60 * 60 * 24 * 7 * 1000)).toISOString() // 7 days
  })
  
  return { success: true }
})