import jwt from "jsonwebtoken";
import Update from "../../models/update.js";
import { connectDB } from "../../utils/mongoose.js";

export default defineEventHandler(async (event) => {
  await connectDB();

  const token = getCookie(event, "auth-token");

  if (!token) {
    throw createError({
      statusCode: 401,
      statusMessage: "Not authenticated",
    });
  }

  let memberId;
  try {
    const decoded = jwt.verify(token, process.env.JWT_SECRET);
    memberId = decoded.memberId;
  } catch (err) {
    throw createError({
      statusCode: 401,
      statusMessage: "Invalid or expired token",
    });
  }

  const id = getRouterParam(event, "id");

  try {
    const update = await Update.findById(id);

    if (!update) {
      throw createError({
        statusCode: 404,
        statusMessage: "Update not found",
      });
    }

    // Check if user is the author
    if (update.author.toString() !== memberId) {
      throw createError({
        statusCode: 403,
        statusMessage: "You can only delete your own updates",
      });
    }

    await Update.findByIdAndDelete(id);

    return { success: true };
  } catch (error) {
    if (error.statusCode) throw error;
    console.error("Delete update error:", error);
    throw createError({
      statusCode: 500,
      statusMessage: "Failed to delete update",
    });
  }
});