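// src/stores/authStore.js
import { defineStore } from 'pinia'
import api from 'src/services/api'
import { usePermissionStore } from 'stores/permissionStore'

/**
 * Reads the persisted session token.
 *
 * A previous `localStorage.setItem('token', undefined)` stores the literal
 * string "undefined", which is truthy and would make `isAuthenticated` report
 * a session that does not exist. Such placeholder strings are treated as
 * "no token", the same way the persisted user is handled below.
 *
 * @returns {string|null} the stored token, or null when none is usable
 */
function readStoredToken () {
  const raw = localStorage.getItem('token')
  if (!raw || raw === 'undefined' || raw === 'null') {
    return null
  }
  return raw
}

/**
 * Authentication store: holds the session token, the logged-in user object and
 * the "must change password" flag, and mirrors all three into localStorage.
 *
 * NOTE(security): localStorage is readable by every script running in this
 * origin, so any XSS bug exposes the token and the user record stored here.
 * Everything read back from localStorage is also editable by the user, so the
 * getters below are UI hints only; authorization has to be enforced by the
 * server on every request.
 */
export const useAuthStore = defineStore('auth', {
  state: () => {
    let user = null
    try {
      const raw = localStorage.getItem('user')
      if (raw && raw !== 'undefined' && raw !== 'null') {
        user = JSON.parse(raw)
      }
    } catch {
      // Corrupt JSON: drop it so the next load starts clean.
      console.warn('⚠️ Invalid user in localStorage, cleared')
      localStorage.removeItem('user')
    }

    return {
      token: readStoredToken(),
      user,
      forcePasswordChange: localStorage.getItem('forcePasswordChange') === '1'
    }
  },

  getters: {
    // True when a token is present; says nothing about whether it is still valid.
    isAuthenticated: s => !!s.token,
    mustChangePassword: s => !!s.forcePasswordChange,

    // Single admin rule: role_code equals "admin", case-insensitively.
    // The value comes from client-side state, so use it to show or hide UI only.
    isAdmin: s => String(s.user?.role_code || '').toLowerCase() === 'admin'
  },

  actions: {
    /* =========================================================
       SESSION
    ========================================================= */

    /**
     * Stores a session in the store and in localStorage.
     *
     * @param {object} session
     * @param {string} session.token - session token; anything that is not a
     *   non-empty string is treated as "no token" and removes the stored one
     * @param {object} [session.user] - user object; `force_password_change`
     *   on it drives the `forcePasswordChange` flag
     */
    setSession ({ token, user }) {
      const hasToken = typeof token === 'string' && token !== ''

      this.token = hasToken ? token : null
      this.user = user ?? null
      this.forcePasswordChange = !!user?.force_password_change

      // Never persist a missing token: setItem would store the string "undefined".
      if (hasToken) {
        localStorage.setItem('token', token)
      } else {
        localStorage.removeItem('token')
      }

      if (user) {
        localStorage.setItem('user', JSON.stringify(user))
      } else {
        localStorage.removeItem('user')
      }

      localStorage.setItem(
        'forcePasswordChange',
        this.forcePasswordChange ? '1' : '0'
      )
    },

    /**
     * Drops the session from the store and from localStorage, and clears the
     * permission store.
     */
    clearSession () {
      this.token = null
      this.user = null
      this.forcePasswordChange = false

      localStorage.removeItem('token')
      localStorage.removeItem('user')
      localStorage.removeItem('forcePasswordChange')

      usePermissionStore().clear()
    },

    /* =========================================================
       LOGIN
    ========================================================= */

    /**
     * Posts the credentials to `/auth/login`, stores the returned session and
     * loads the permissions.
     *
     * @param {string} username
     * @param {string} password
     * @returns {Promise<boolean>} true once the session and permissions are set
     * @throws {Error} 'Invalid login token' when the response carries no
     *   token of the expected shape; request and permission-fetch errors are
     *   rethrown as they are
     */
    async login (username, password) {
      const res = await api.post('/auth/login', { username, password })

      // The token and user are accepted at the top level or under `data`.
      const token =
        res?.token ||
        res?.data?.token ||
        res?.access_token ||
        res?.data?.access_token
      const user = res?.user || res?.data?.user

      // Shape check only (three dot-separated segments). This does not verify
      // the signature, the expiry or the claims; that is the server's job.
      const tokenStr = typeof token === 'string' ? token.trim() : ''
      const looksLikeJwt = tokenStr.split('.').length === 3

      if (!tokenStr || !looksLikeJwt) {
        // Log the response shape, not the response: the body may carry
        // credentials or user data that should not end up in the console.
        const shape = res && typeof res === 'object' ? Object.keys(res) : typeof res
        console.error('❌ LOGIN RESPONSE (unexpected):', shape)
        throw new Error('Invalid login token')
      }

      this.setSession({ token: tokenStr, user })

      // Permissions
      try {
        await usePermissionStore().fetchPermissions()
      } catch (err) {
        // Without this rollback a failed login would still leave a persisted
        // token behind and the app would treat the user as authenticated.
        this.clearSession()
        throw err
      }

      return true
    }
  }
})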