"use client";

import { createContext, useContext, useState, useEffect, useCallback, ReactNode } from "react";

import { api, ApiError } from "./api";

// Permission constants matching backend
export const Permission = {
  VIEW_COUNTER: "view_counter",
  INCREMENT_COUNTER: "increment_counter",
  USE_SUM: "use_sum",
  VIEW_AUDIT: "view_audit",
} as const;

export type PermissionType = typeof Permission[keyof typeof Permission];

interface User {
  id: number;
  email: string;
  roles: string[];
  permissions: string[];
}

interface AuthContextType {
  user: User | null;
  isLoading: boolean;
  login: (email: string, password: string) => Promise<void>;
  register: (email: string, password: string) => Promise<void>;
  logout: () => Promise<void>;
  hasPermission: (permission: PermissionType) => boolean;
  hasRole: (role: string) => boolean;
}

const AuthContext = createContext<AuthContextType | null>(null);

export function AuthProvider({ children }: { children: ReactNode }) {
  const [user, setUser] = useState<User | null>(null);
  const [isLoading, setIsLoading] = useState(true);

  useEffect(() => {
    checkAuth();
  }, []);

  const checkAuth = async () => {
    try {
      const userData = await api.get<User>("/api/auth/me");
      setUser(userData);
    } catch {
      // Not authenticated
    } finally {
      setIsLoading(false);
    }
  };

  const login = async (email: string, password: string) => {
    try {
      const userData = await api.post<User>("/api/auth/login", { email, password });
      setUser(userData);
    } catch (err) {
      if (err instanceof ApiError) {
        const data = err.data as { detail?: string };
        throw new Error(data?.detail || "Login failed");
      }
      throw err;
    }
  };

  const register = async (email: string, password: string) => {
    try {
      const userData = await api.post<User>("/api/auth/register", { email, password });
      setUser(userData);
    } catch (err) {
      if (err instanceof ApiError) {
        const data = err.data as { detail?: string };
        throw new Error(data?.detail || "Registration failed");
      }
      throw err;
    }
  };

  const logout = async () => {
    try {
      await api.post("/api/auth/logout");
    } catch {
      // Ignore errors on logout
    }
    setUser(null);
  };

  const hasPermission = useCallback((permission: PermissionType): boolean => {
    return user?.permissions.includes(permission) ?? false;
  }, [user]);

  const hasRole = useCallback((role: string): boolean => {
    return user?.roles.includes(role) ?? false;
  }, [user]);

  return (
    <AuthContext.Provider
      value={{
        user,
        isLoading,
        login,
        register,
        logout,
        hasPermission,
        hasRole,
      }}
    >
      {children}
    </AuthContext.Provider>
  );
}

export function useAuth() {
  const context = useContext(AuthContext);
  if (!context) {
    throw new Error("useAuth must be used within an AuthProvider");
  }
  return context;
}