import { fail, guard, ok, readJson } from "@/lib/api";
import { setPassword, verifyPassword } from "@/lib/auth";

export async function POST(req: Request) {
  const g = await guard(); if (g) return g;
  const b = await readJson<{ oldPassword?: string; newPassword?: string }>(req);
  if (!b.oldPassword || !b.newPassword) return fail("missing_fields");
  if (b.newPassword.length < 4) return fail("password_too_short");
  if (!(await verifyPassword(b.oldPassword))) return fail("wrong_old_password", 401);
  await setPassword(b.newPassword);
  return ok({ ok: true });
}
