import { z } from 'zod'
import { verifyToken, generateAccessToken, generateRefreshToken } from '../../utils/jwt'
import { getUserById } from '../../modules/auth/user'
import { refreshAccessToken } from 'server/modules/oauth'
// NOTE(review): `refreshAccessToken` is imported above but never referenced in this handler.

/** Request body contract: exactly one non-empty `refreshToken` string. */
const refreshSchema = z.object({
  refreshToken: z.string().min(1, '刷新令牌不能为空')
})

/**
 * Seconds reported back to the client as `expiresIn` (7 days).
 * NOTE(review): this is a fixed number, not read from the token; the lifetime that
 * generateAccessToken / generateRefreshToken actually stamp into the JWT is set in
 * ../../utils/jwt and is not visible here — confirm the two agree.
 */
const REPORTED_EXPIRES_IN_SECONDS = 7 * 24 * 60 * 60

/** Single 401 used for every refresh-token failure, so the reason is not leaked to the caller. */
const invalidRefreshTokenError = () =>
  createError({ statusCode: 401, message: '无效的刷新令牌' })

/**
 * Exchanges a valid refresh token for a new access/refresh token pair.
 *
 * Flow:
 *   1. Body is validated with `refreshSchema`; the first zod issue message is returned as 400.
 *   2. The token is checked by `verifyToken` and must carry `type === 'refresh'`, so a token
 *      of another type presented here is rejected (assuming other token kinds do not reuse
 *      that `type` value — verify in ../../utils/jwt).
 *   3. The user is reloaded by `payload.userId` and must exist with `status === 'active'`;
 *      otherwise 401. `getUserById` is called without `await`, so it is assumed synchronous.
 *   4. New claims are built from the freshly loaded user record, NOT copied from the old
 *      token, so role/permission changes and deactivation take effect on the next refresh.
 *
 * Security caveats (not addressed by this handler):
 *   - Nothing here invalidates the refresh token that was just consumed. Unless the jwt
 *     utilities keep a rotation/denylist store, both the old and the new refresh token stay
 *     usable until they expire, so a leaked refresh token can be replayed — TODO confirm
 *     revocation exists elsewhere.
 *   - `readBody` failures (malformed JSON) are not caught and surface as the framework default.
 *
 * @returns `{ success: true, data: { accessToken, refreshToken, expiresIn, tokenType: 'Bearer' } }`
 * @throws 400 on an invalid body, 401 on an invalid token or a missing/inactive user.
 */
export default defineEventHandler(async (event) => {
  const parsed = refreshSchema.safeParse(await readBody(event))
  if (!parsed.success) {
    const [firstIssue] = parsed.error.errors
    throw createError({ statusCode: 400, message: firstIssue.message })
  }

  // Signature/expiry check is delegated to verifyToken; a null/undefined result or a
  // non-refresh token both map to the same 401.
  const claims = verifyToken(parsed.data.refreshToken)
  if (claims?.type !== 'refresh') {
    throw invalidRefreshTokenError()
  }

  const account = getUserById(claims.userId)
  if (!account || account.status !== 'active') {
    throw createError({ statusCode: 401, message: '用户不存在或已被禁用' })
  }

  // Rebuild claims from the current user record so stale roles/permissions are never carried over.
  const { id, username, role_name, permissions } = account
  const freshClaims = {
    sub: username,
    userId: id,
    username,
    role: role_name!,
    permissions: permissions || []
  }

  return {
    success: true,
    data: {
      accessToken: generateAccessToken(freshClaims),
      refreshToken: generateRefreshToken(freshClaims),
      expiresIn: REPORTED_EXPIRES_IN_SECONDS,
      tokenType: 'Bearer'
    }
  }
})