import { unlink } from 'node:fs/promises'
import { join } from 'node:path'

export default defineEventHandler(async (event) => {
  const path = getRouterParam(event, 'path')

  if (!path) {
    throw createError({ statusCode: 400, statusMessage: 'No path provided' })
  }

  // Prevent path traversal
  if (path.includes('..')) {
    throw createError({ statusCode: 400, statusMessage: 'Invalid path' })
  }

  const publicDir = join(process.cwd(), 'public')
  const filePath = join(publicDir, path)

  // Ensure file is within public dir
  if (!filePath.startsWith(publicDir)) {
    throw createError({ statusCode: 400, statusMessage: 'Invalid path' })
  }

  try {
    await unlink(filePath)
    return { ok: true }
  }
  catch {
    throw createError({ statusCode: 404, statusMessage: 'File not found' })
  }
})