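import bcrypt from "bcrypt";
import { Router } from "express";
import User from "../models/User.js";
import Token from "../models/Token.js";

/** bcrypt cost factor used when hashing the new password. */
const BCRYPT_COST = 12;

const router = Router();

/**
 * POST / — change the password of the current user.
 *
 * Reads `oldPassword` and `newPassword` from the request body, checks the old
 * password against the stored bcrypt hash, stores a new hash, and deletes every
 * Token document of this user except the one carrying the current access token.
 *
 * `res.locals.user` and `res.locals.accessToken` are read but not set here;
 * presumably an authentication middleware mounted before this router fills them
 * in — confirm at the mount point.
 *
 * Responds with `{ ok: 1 }` on success and `{ error: string }` otherwise.
 * The HTTP status is left at the default for every outcome, as before, so
 * clients that only inspect the `error` field keep working.
 * NOTE(review): consider 4xx/5xx codes once clients can handle them.
 */
router.post("/", async (req, res) => {
  try {
    // Destructure inside the try block with a fallback: a missing body (no
    // parser, empty request) used to throw before any handler could answer.
    const { oldPassword, newPassword } = (req.body ?? {}) as {
      oldPassword?: unknown;
      newPassword?: unknown;
    };

    const user = res.locals.user;
    const accessToken = res.locals.accessToken;

    // Without a user there is no hash to compare against; answer explicitly
    // instead of surfacing a TypeError message to the client.
    if (!user) {
      return res.json({ error: "Not authenticated" });
    }

    // Reject non-string and empty values up front, so an empty password can
    // never be stored and bcrypt never sees an unexpected type.
    // NOTE(review): bcrypt only uses the first 72 bytes of its input and no
    // length policy is enforced here — decide whether longer values should be
    // rejected.
    if (
      typeof oldPassword !== "string" ||
      typeof newPassword !== "string" ||
      oldPassword.length === 0 ||
      newPassword.length === 0
    ) {
      return res.json({
        error: "oldPassword and newPassword must be non-empty strings",
      });
    }

    // Promise-based bcrypt calls keep the event loop free; the sync variants
    // stall every other request for the duration of the hash.
    const oldPasswordMatches = await bcrypt.compare(oldPassword, user.password);
    if (!oldPasswordMatches) {
      return res.json({ error: "Old password is wrong" });
    }

    const newPasswordHash = await bcrypt.hash(newPassword, BCRYPT_COST);
    await User.findByIdAndUpdate(user._id, { password: newPasswordHash });

    // Remove all other tokens of this user; the token of the current request
    // is kept so the caller stays signed in.
    // NOTE(review): if this call fails the password is already changed while
    // the other tokens remain — the client only sees the generic error below.
    await Token.deleteMany({
      userId: user._id,
      accessToken: { $ne: accessToken },
    });

    return res.json({ ok: 1 });
  } catch (error: unknown) {
    // Keep driver/library error text on the server; the client gets a fixed
    // message so internal details are not disclosed.
    console.error(
      "change-password failed:",
      error instanceof Error ? error.message : error,
    );
    return res.json({ error: "Could not change password" });
  }
});

const changePasswordRoute = router;

export default changePasswordRoute;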