// server/api/auth/login.post.js
import jwt from 'jsonwebtoken'
import { Resend } from 'resend'
import Member from '../../models/member.js'
import { connectDB } from '../../utils/mongoose.js'

const resend = new Resend(process.env.RESEND_API_KEY)

export default defineEventHandler(async (event) => {
  // Connect to database
  await connectDB()
  
  const { email } = await readBody(event)
  
  if (!email) {
    throw createError({ 
      statusCode: 400, 
      statusMessage: 'Email is required' 
    })
  }
  
  const member = await Member.findOne({ email })
  if (!member) {
    throw createError({ 
      statusCode: 404, 
      statusMessage: 'No account found with that email address' 
    })
  }
  
  // Generate magic link token
  const token = jwt.sign(
    { memberId: member._id }, 
    process.env.JWT_SECRET,
    { expiresIn: '15m' } // Shorter expiry for security
  )
  
  // Get the base URL for the magic link
  const headers = getHeaders(event)
  const baseUrl = process.env.BASE_URL || `${headers.host?.includes('localhost') ? 'http' : 'https'}://${headers.host}`
  
  // Send magic link via Resend
  try {
    await resend.emails.send({
      from: 'Ghost Guild <noreply@ghostguild.org>',
      to: email,
      subject: 'Your Ghost Guild login link',
      html: `
        <div style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto;">
          <h2 style="color: #2563eb;">Welcome back to Ghost Guild!</h2>
          <p>Click the button below to sign in to your account:</p>
          <div style="text-align: center; margin: 30px 0;">
            <a href="${baseUrl}/api/auth/verify?token=${token}" 
               style="background-color: #2563eb; color: white; padding: 12px 24px; text-decoration: none; border-radius: 6px; display: inline-block;">
              Sign In to Ghost Guild
            </a>
          </div>
          <p style="color: #666; font-size: 14px;">
            This link will expire in 15 minutes for security. If you didn't request this login link, you can safely ignore this email.
          </p>
        </div>
      `
    })
    
    return { 
      success: true, 
      message: 'Login link sent to your email' 
    }
    
  } catch (error) {
    console.error('Failed to send email:', error)
    throw createError({ 
      statusCode: 500, 
      statusMessage: 'Failed to send login email. Please try again.' 
    })
  }
})