// Auth service: pure business logic for login. Route handler calls
// this and handles cookie setting + response. Service does not know
// about Next.js or HTTP at all.

import { userRepository } from '@/lib/repositories/user.repository';
import { verifyPassword } from '@/lib/auth/password';
import { signToken } from '@/lib/auth/jwt';
import { HttpError } from '@/lib/auth/session';
import { LoginInput } from '@/lib/validators';

export const authService = {
  /**
   * Checks an email/password pair and, on success, issues a token together
   * with the public profile of the matching account.
   *
   * Both failure paths (no account for the email, or password mismatch)
   * throw the same `HttpError(401, 'Invalid email or password')`, so the
   * error itself does not tell the caller whether the email exists.
   *
   * NOTE(review): when no account is found, `verifyPassword` is never
   * called. If it is a deliberately slow password hash (not visible from
   * this file), an unknown email fails faster than a wrong password, and
   * that timing difference can reveal which emails are registered. Verifying
   * against a fixed dummy hash in the not-found case would close the gap.
   *
   * NOTE(review): nothing here limits repeated attempts. Confirm that the
   * route handler or middleware applies throttling or lockout.
   *
   * @param input - Login payload; `email` and `password` are read.
   * @returns The signed token and the account's `id`, `name`, `email`, `role`.
   * @throws HttpError with status 401 when the credentials are rejected.
   */
  async login(input: LoginInput) {
    const account = await userRepository.findByEmail(input.email);

    // The password is only checked when the lookup returned an account.
    const passwordOk = account
      ? await verifyPassword(input.password, account.password)
      : false;

    if (!account || !passwordOk) {
      throw new HttpError(401, 'Invalid email or password');
    }

    // Pick the public fields explicitly so `account.password` is never
    // copied into the token payload or the returned profile.
    const { id, name, email, role } = account;

    // NOTE(review): `role`, `email` and `name` are embedded as claims.
    // If signToken produces a signed but unencrypted JWT (presumably;
    // confirm in '@/lib/auth/jwt'), anyone holding the token can read them,
    // and a role change only takes effect once a new token is issued.
    const token = await signToken({ userId: id, role, email, name });

    return {
      token,
      user: { id, name, email, role },
    };
  },
};
