/**
 * admin.auth.completeLogin - Complete pending login request (dev helper)
 */

import { ORPCError } from "@orpc/server";
import { superuserProcedure } from "../../base.js";

export const adminAuthCompleteLogin =
  superuserProcedure.admin.auth.completeLogin.handler(
    async ({ input, context }) => {
      const email = input.email.toLowerCase();

      // First check if any login request exists for this email
      const anyRequest = await context.db
        .selectFrom("login_requests")
        .where("email", "=", email)
        .orderBy("created_at", "desc")
        .select(["id", "completed_at", "expires_at"])
        .executeTakeFirst();

      if (!anyRequest) {
        throw new ORPCError("NOT_FOUND", {
          message: `No login request found for ${email}`,
        });
      }

      // Check if already completed
      if (anyRequest.completed_at) {
        throw new ORPCError("BAD_REQUEST", {
          message: "Login request already completed",
        });
      }

      // Check if expired
      if (new Date(anyRequest.expires_at) < new Date()) {
        throw new ORPCError("BAD_REQUEST", {
          message:
            "Login request expired (15 min limit). Start a new login flow.",
        });
      }

      // Complete the login request
      await context.db
        .updateTable("login_requests")
        .set({ completed_at: new Date() })
        .where("id", "=", anyRequest.id)
        .execute();

      return { success: true };
    },
  );