(local lib (require :lib))
(local shop (require :shop))

(fn render [request db]
  (if (= request.method "POST")
    (do
      (var order-id request.cookies.order)
      (var headers {})

      (when (not order-id)
        (local next-week
          (os.date "%a, %d %b %Y %H:%M:%S GMT" (+ (os.time) (* 60 60 24 7))))
        (set order-id (shop.create-order db))
        (set headers
          {:Set-Cookie (.. "order=" order-id "; Path=/; "
                           "Expires=" next-week "; "
                           "HttpOnly; SameSite=strict"
                           (if luna.debug? "" "; Secure"))}))

      (let [body-values (lib.parse-values request.body)]
        (if (and order-id request.body
                 (< 0 (tonumber body-values.quantity))
                 (not (shop.in-basket? db order-id body-values.name)))
          (do
            (shop.create-order-line
              db order-id body-values.name body-values.quantity)
            (tset headers :Location (_G.must
                                      (luna.http.decode-url
                                        body-values.redirect-url)))
            (values 302 headers ""))
          (values 400 {} "bad body"))))
    (values 404 {} "not found")))

{: render}