import { z } from 'zod'

const bodySchema = z.object({
    documento: z.string().trim().min(11).max(20).optional(),
    returnTo: z.string().startsWith('/').max(200).optional(),
})

export default defineEventHandler(async (event) => {
    const body = await readValidatedBody(event, bodySchema.safeParse)
    if (!body.success) {
        throw createError({ statusCode: 400, statusMessage: 'Body inválido' })
    }

    const { codeVerifier, codeChallenge, state } = await generatePkce()
    const returnTo = body.data.returnTo ?? '/portal/painel'

    await savePkceState(state, {
        codeVerifier,
        returnTo,
        createdAt: Date.now(),
    })

    const redirectUri = callbackUrlFromEvent(event)
    const authUrl = buildAuthUrl({
        codeChallenge,
        state,
        redirectUri,
        loginHint: body.data.documento?.replace(/\D/g, ''),
    })

    return { authUrl }
})