import { json, error } from '@sveltejs/kit';
import { getDb, newId } from '$lib/server/db';
import { hashPassword, signJwt } from '$lib/server/auth';

export async function POST({ request }) {
	const { vereinName, email, password, name } = await request.json();
	if (!vereinName || !email || !password) throw error(400, 'Pflichtfelder fehlen');
	if (password.length < 8) throw error(400, 'Passwort mindestens 8 Zeichen');

	const db = getDb();
	const existing = db.prepare('SELECT id FROM users WHERE email = ?').get(email.toLowerCase());
	if (existing) throw error(409, 'E-Mail bereits registriert');

	const vereinId = newId();
	const userId   = newId();
	const hash     = await hashPassword(password);

	db.prepare('INSERT INTO vereine (id, name) VALUES (?, ?)').run(vereinId, vereinName);
	db.prepare('INSERT INTO users (id, verein_id, email, password_hash, name, rolle) VALUES (?, ?, ?, ?, ?, NULL)')
		.run(userId, vereinId, email.toLowerCase(), hash, name || email.split('@')[0]);

	const token = await signJwt({ sub: userId, verein_id: vereinId, rolle: null, name: name || email.split('@')[0], email: email.toLowerCase() });
	return json({ token, id: userId, verein_id: vereinId, rolle: null, name: name || email.split('@')[0], email: email.toLowerCase() }, { status: 201 });
}