import { Schema } from "effect";
import { safeUserIdentity } from "$lib/Data/AniList/identity";
import { setUserSubscription } from "$lib/Database/SB/User/notifications";
import { decodeAuthCookieOrNull } from "$lib/Effect/authCookie";
import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody";
import { isAllowedPushEndpoint } from "$lib/Utility/pushEndpoint";

const unauthorised = new Response("Unauthorised", { status: 401 });

export const POST = async ({ cookies, request, url }) => {
	const userCookie = cookies.get("user");
	const fingerprint = url.searchParams.get("p");

	if (!userCookie || !fingerprint) return unauthorised;

	const user = decodeAuthCookieOrNull(userCookie);

	if (!user) return unauthorised;

	const userId = (await safeUserIdentity(user))?.id;

	if (!userId) return unauthorised;

	const subscription = await decodeRequestJsonOrThrow(
		request,
		Schema.Record(Schema.String, Schema.Unknown),
	);

	if (
		typeof subscription.endpoint !== "string" ||
		!isAllowedPushEndpoint(subscription.endpoint)
	)
		return new Response("Invalid push endpoint", { status: 400 });

	await setUserSubscription(
		userId,
		subscription as unknown as JSON,
		fingerprint,
	);

	return new Response(null, { status: 200 });
};