import type { H3Event } from "h3";
import { GraphQLClient } from "graphql-request";
import { jwtDecode } from "jwt-decode";
import type { User } from "#auth-utils";
import type { AuthUserFragment } from "#graphql/fragments";
import { AuthRefreshTokenDocument, type AuthLoginResult } from "#graphql/operations";

// Handle login result and store user session
export async function handleLogin(event: H3Event, loginData: AuthLoginResult) {
  if (!loginData?.login) {
    return false;
  }
  const { user, authToken, refreshToken } = loginData.login;
  if (!user || !authToken || !refreshToken) {
    return false;
  }
  await setUserSession(event, {
    user: getAuthUser(user),
    secure: {
      authToken,
      refreshToken,
    },
    loggedInAt: new Date().toISOString(),
  });
  return true;
}

// Handle user logout by clearing session
export async function handleLogout(event: H3Event) {
  await clearUserSession(event);
  return true;
}

// Convert AuthUserFragment to nuxt-auth-utils User
function getAuthUser(user: AuthUserFragment): User {
  return {
    id: Number(user.id),
    email: user.email!,
    roles: extractNodes(user.roles).map(({ name }) => name!) || [],
  };
}

// Refresh auth token by calling remote GraphQL endpoint directly
export async function refreshAuthToken(refreshToken: string): Promise<string | undefined> {
  const client = new GraphQLClient(`${process.env.NUXT_WP_URL || "https://wp-headless.ledevsimple.ca"}/graphql`);
  const data = await client.request(AuthRefreshTokenDocument, { refreshToken });
  return data.refreshToken?.authToken || undefined;
}

// Get auth token from user session (refresh if needed)
export async function getAuthToken(event: H3Event): Promise<string | undefined> {
  // Retrieve user session, return if none
  const session = await getUserSession(event);
  if (!session.secure) {
    return;
  }

  // Extract tokens and check expiration
  const { authToken, refreshToken } = session.secure;
  const decoded = jwtDecode<{ exp: number }>(authToken);
  const isExpired = decoded.exp * 1000 < Date.now();
  if (isExpired) {
    try {
      const newAuthToken = await refreshAuthToken(refreshToken);
      if (!newAuthToken) {
        throw new Error("Impossible de rafraîchir le jeton d'authentification.");
      }
      session.secure.authToken = newAuthToken;
      await setUserSession(event, session);
    }
    catch {
      await clearUserSession(event);
      return;
    }
  }

  return session.secure.authToken;
}