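import { verifyToken } from '../../utils/jwt'
import { getUserById } from '../../modules/auth/user'

/**
 * User-info endpoint: returns profile claims for the bearer of a valid access token.
 *
 * Flow: read the `Authorization: Bearer <token>` header, pass the token to
 * `verifyToken`, require `payload.type === 'access'`, load the user by
 * `payload.userId`, then build the claim set filtered by the `scope` query
 * parameter. With no `scope` parameter, both `email` and `profile` are returned.
 *
 * @throws 401 when the header is missing or malformed, or the token is rejected
 * @throws 404 when no user matches the token's `userId`
 */
export default defineEventHandler(async (event) => {
  const authHeader = getHeader(event, 'authorization')
  if (!authHeader || !authHeader.startsWith('Bearer ')) {
    throw createError({ statusCode: 401, message: '访问令牌不能为空' })
  }

  // Drop the 7-character "Bearer " prefix to get the raw token.
  const token = authHeader.substring(7)
  const payload = verifyToken(token)
  // Only tokens typed 'access' may call this endpoint; any other token type is refused.
  if (!payload || payload.type !== 'access') {
    throw createError({ statusCode: 401, message: '无效的访问令牌' })
  }

  // NOTE(review): getUserById is called without await, which assumes it is
  // synchronous. If it returns a Promise, the check below never fires. Confirm.
  const user = getUserById(payload.userId)
  if (!user) {
    throw createError({ statusCode: 404, message: '用户不存在' })
  }

  // NOTE(review): the claim filter comes from the caller-supplied query string,
  // not from the token. If the access token records which scopes were granted,
  // filter on those instead, so a token issued without `email` cannot obtain it
  // here. Payload fields other than `type` and `userId` are not visible in this file.
  const rawScope: unknown = getQuery(event).scope
  // A repeated ?scope= parameter arrives as an array. Join it so the non-string
  // value cannot reach .split() and surface as an unhandled TypeError.
  const requested = Array.isArray(rawScope) ? rawScope.join(' ') : rawScope
  const scopes = typeof requested === 'string' ? requested.split(' ') : []
  const noScopeRequested = scopes.length === 0

  // Claims that are always returned.
  const userInfo: Record<string, unknown> = {
    sub: String(user.id),
    name: user.real_name || user.username,
    preferred_username: user.username
  }

  if (noScopeRequested || scopes.includes('email')) {
    userInfo.email = user.email
  }

  if (noScopeRequested || scopes.includes('profile')) {
    userInfo.profile = {
      name: user.real_name,
      picture: user.avatar
    }
  }

  return userInfo
})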