import { readCredentials } from '../../../utils/adUserCredentials'

export default defineEventHandler(async (event) => {
  const userIdRaw = getCookie(event, 'logship_user_id')
  const token = getCookie(event, 'logship_it')
  const userId = Number(userIdRaw)
  if (!userId || !token) {
    throw createError({ statusCode: 401, statusMessage: 'Not authenticated' })
  }

  const stored = await readCredentials(event, userId, token).catch(() => ({ keys: [], password: null }))

  // Never return the public key or the encrypted password block.
  return {
    keys: stored.keys.map(k => ({
      credentialId: k.credentialId,
      nickname: k.nickname,
      createdAt: k.createdAt,
      transports: k.transports ?? [],
      deviceType: k.deviceType ?? null,
    })),
    hasPasswordStored: !!stored.password,
  }
})