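import { fail, redirect } from '@sveltejs/kit';
import type { Actions, PageServerLoad } from './$types';
import { db } from '$lib/server/db';
import { users, type NewUser } from '$lib/db/schema';
import { eq } from 'drizzle-orm';
import bcrypt from 'bcrypt';
import { env } from '$env/dynamic/private';
import { sanitizeString, sanitizeUsername } from '$lib/server/validation';

/** bcrypt work factor used when hashing a new account's password. */
const BCRYPT_COST = 14;

/** Minimum accepted password length, measured with `String.length`. */
const MIN_PASSWORD_LENGTH = 8;

/**
 * Reads one form field as text.
 *
 * `FormData.get` returns `string | File | null`, so a type assertion alone
 * checks nothing at runtime. This helper narrows the value for real.
 *
 * @param form - The parsed request form data.
 * @param key - The field name to read.
 * @returns The field value when it is a string, otherwise `null`
 *   (field missing, or submitted as a file part).
 */
function readTextField(form: FormData, key: string): string | null {
  const value = form.get(key);
  return typeof value === 'string' ? value : null;
}

/**
 * Tells the registration page which OAuth providers are configured.
 *
 * A provider is listed only when all of its environment variables are set.
 * The client secrets are tested for presence only; the returned data holds
 * just the provider id and display name.
 */
export const load: PageServerLoad = async () => {
  const oauthProviders: { id: string; name: string }[] = [];

  if (env.GOOGLE_CLIENT_ID && env.GOOGLE_CLIENT_SECRET) {
    oauthProviders.push({ id: 'google', name: 'Google' });
  }

  if (env.AUTHENTIK_CLIENT_ID && env.AUTHENTIK_CLIENT_SECRET && env.AUTHENTIK_ISSUER) {
    oauthProviders.push({ id: 'authentik', name: 'Authentik' });
  }

  return { oauthProviders };
};

export const actions: Actions = {
  /**
   * Registers a local (username + password) account.
   *
   * Every validation failure returns a 400 that echoes `name` and `username`
   * back to the form; the password fields are never echoed. On success the
   * user row is inserted with a bcrypt hash and the client is redirected to
   * the sign-in page.
   */
  default: async ({ request }) => {
    const formData = await request.formData();
    const name = readTextField(formData, 'name');
    const username = readTextField(formData, 'username');
    const password = readTextField(formData, 'password');
    const confirmPassword = readTextField(formData, 'confirmPassword');

    // Reject missing or non-text fields up front, so the sanitizers, the
    // length check and the fail() payload only ever see strings.
    if (name === null || username === null || password === null || confirmPassword === null) {
      return fail(400, { error: 'Invalid input', name: name ?? '', username: username ?? '' });
    }

    let sanitizedUsername: string;
    let sanitizedName: string | null;

    try {
      sanitizedName = sanitizeString(name, 100);
      sanitizedUsername = sanitizeUsername(username);
    } catch {
      // The sanitizers signal rejected input by throwing; their rules live in
      // $lib/server/validation and are not visible here.
      return fail(400, { error: 'Invalid input', name, username });
    }

    if (!sanitizedName) {
      return fail(400, { error: 'Name is required', name, username });
    }

    // NOTE(review): bcrypt only uses the first 72 bytes of its input, so the
    // tail of a longer passphrase adds nothing. Consider an explicit maximum
    // here and on the sign-in / password-change paths (not visible here).
    if (password.length < MIN_PASSWORD_LENGTH) {
      return fail(400, { error: 'Password must be at least 8 characters', name, username });
    }

    if (password !== confirmPassword) {
      return fail(400, { error: 'Passwords do not match', name, username });
    }

    // NOTE(review): this check-then-insert is not atomic. Two concurrent
    // requests for the same username can both pass it, so uniqueness has to be
    // enforced by a unique constraint on users.username (schema not visible
    // here; confirm), and that violation should map to the same 400.
    const existingUser = await db.query.users.findFirst({
      where: eq(users.username, sanitizedUsername)
    });

    if (existingUser) {
      return fail(400, { error: 'Username already taken', name, username });
    }

    // NOTE(review): this hash is deliberately expensive and runs for any
    // unauthenticated request that passes validation. No rate limiting is
    // visible in this file; confirm it is applied upstream. The same control
    // bounds username probing via the 'Username already taken' response.
    const hashedPassword = await bcrypt.hash(password, BCRYPT_COST);

    const newUser: NewUser = {
      name: sanitizedName,
      username: sanitizedUsername,
      password: hashedPassword
    };

    await db.insert(users).values(newUser);

    throw redirect(303, '/signin?registered=true');
  }
};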