import { z } from 'zod'

const bodySchema = z.object({
    documento: z.string().trim().min(11).max(20).optional(),
    returnTo: z.string().startsWith('/').max(200).optional(),
    primary: z.string().regex(/^[0-9a-fA-F]{6}$/).optional(),
    dark: z.boolean().optional(),
})

export default defineEventHandler(async (event) => {
    const body = await readValidatedBody(event, bodySchema.safeParse)
    if (!body.success) {
        throw createError({ statusCode: 400, statusMessage: 'Body inválido' })
    }

    const { codeVerifier, codeChallenge, state } = await generatePkce()
    const returnTo = body.data.returnTo ?? '/portal/painel'

    try {
        await savePkceState(state, {
            codeVerifier,
            returnTo,
            createdAt: Date.now(),
        })
    } catch (err) {
        console.error('[auth/login] falha ao salvar estado PKCE (Redis indisponível?):', (err as Error).message)
        throw createError({ statusCode: 503, statusMessage: 'Serviço temporariamente indisponível. Tente novamente em instantes.' })
    }

    const redirectUri = callbackUrlFromEvent(event)
    const authUrl = buildAuthUrl({
        codeChallenge,
        state,
        redirectUri,
        loginHint: body.data.documento?.replace(/\D/g, ''),
        primary: body.data.primary,
        dark: body.data.dark,
    })

    return { authUrl }
})