'use server';

import { redirect } from 'next/navigation';
import { verifyCredentials, getBeoDisplayName } from '@/lib/auth';
import { createSession } from '@/lib/session';

export async function login(
  _prevState: { error: string } | undefined,
  formData: FormData
): Promise<{ error: string }> {
  const kuerzel = (formData.get('username') as string)?.trim();
  const password = formData.get('password') as string;

  if (!kuerzel || !password) {
    return { error: 'Bitte Kürzel und Passwort eingeben.' };
  }

  const result = await verifyCredentials(kuerzel, password);

  if (!result || !result.valid) {
    return { error: 'Ungültiges Kürzel oder Passwort.' };
  }

  await createSession({
    kuerzel: result.beo.kürzel ?? kuerzel,
    beoId: result.beo.id,
    beoName: getBeoDisplayName(result.beo),
    mustChangePassword: result.beo.MustChangePassword === 1,
    isAuthenticated: true,
  });

  if (result.beo.MustChangePassword === 1 || !result.beo.pw) {
    redirect('/change-password');
  }

  redirect('/');
}