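import { createError, defineEventHandler, setResponseHeader } from 'h3'
import { getSubdomainFromRequest } from '~/server/utils/tenant'
import { getSessionToken } from '~/server/utils/session'

/**
 * Hand the browser a token it can present when opening the WebSocket.
 *
 * socket.io client code cannot read an HTTP-only cookie, so this endpoint
 * returns a token in the JSON body instead.
 *
 * NOTE(review): the handler returns whatever getSessionToken() yields, without
 * minting anything new. If that helper returns the session cookie value itself
 * (confirm in ~/server/utils/session), the token is not short-lived and page
 * scripts can now read the session credential, which removes the protection
 * the HttpOnly flag gives against script-based token theft. A separate token
 * with a short expiry, scoped to the WebSocket handshake, would be preferable.
 *
 * @param event - the h3 request event
 * @returns {{ token: string, subdomain: string }} token and tenant subdomain
 *   (value types presumed from usage; confirm against the helpers)
 * @throws 401 "Not authenticated" when getSessionToken() returns nothing
 */
export default defineEventHandler(async (event) => {
  // NOTE(review): presumably derived from the request host, i.e. supplied by
  // the client. The WebSocket server should check that the token actually
  // belongs to this tenant rather than trust the value echoed back here.
  const subdomain = getSubdomainFromRequest(event)
  const token = getSessionToken(event)

  if (!token) {
    throw createError({
      statusCode: 401,
      statusMessage: 'Not authenticated',
    })
  }

  // The body carries a credential: forbid browsers and intermediaries from
  // storing it.
  setResponseHeader(event, 'Cache-Control', 'no-store')

  // Nothing in this handler validates the token. Its presence in the cookie
  // only shows the client sent it, so signature, expiry and revocation must
  // be checked where the token is consumed (the socket handshake).
  return {
    token,
    subdomain,
  }
})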