/**
 * Fogbreak Auth Service
 * Secure token storage and session management.
 * Uses expo-secure-store for encrypted credential storage on device.
 */

import * as SecureStore from 'expo-secure-store';

const TOKEN_KEY = 'fogbreak_auth_token';
const USER_KEY = 'fogbreak_user';
const API_URL_KEY = 'fogbreak_api_url';
const TENANT_KEY = 'fogbreak_tenant_id';

export interface AuthUser {
  id: number;
  name: string;
  email: string;
  role: 'admin' | 'agent' | 'tc' | 'viewer';
  tenant_id: string | null;
  avatar_url: string | null;
}

// ── Token Management ──

export async function getToken(): Promise<string | null> {
  try {
    return await SecureStore.getItemAsync(TOKEN_KEY);
  } catch {
    return null;
  }
}

export async function setToken(token: string): Promise<void> {
  await SecureStore.setItemAsync(TOKEN_KEY, token);
}

export async function clearToken(): Promise<void> {
  await SecureStore.deleteItemAsync(TOKEN_KEY);
}

// ── User Profile ──

export async function getStoredUser(): Promise<AuthUser | null> {
  try {
    const json = await SecureStore.getItemAsync(USER_KEY);
    return json ? JSON.parse(json) : null;
  } catch {
    return null;
  }
}

export async function setStoredUser(user: AuthUser): Promise<void> {
  await SecureStore.setItemAsync(USER_KEY, JSON.stringify(user));
}

export async function clearStoredUser(): Promise<void> {
  await SecureStore.deleteItemAsync(USER_KEY);
}

// ── API Configuration Persistence ──

export async function getStoredAPIUrl(): Promise<string | null> {
  try {
    return await SecureStore.getItemAsync(API_URL_KEY);
  } catch {
    return null;
  }
}

export async function setStoredAPIUrl(url: string): Promise<void> {
  await SecureStore.setItemAsync(API_URL_KEY, url);
}

export async function getStoredTenantId(): Promise<string | null> {
  try {
    return await SecureStore.getItemAsync(TENANT_KEY);
  } catch {
    return null;
  }
}

export async function setStoredTenantId(tenantId: string): Promise<void> {
  await SecureStore.setItemAsync(TENANT_KEY, tenantId);
}

// ── Session ──

export async function logout(): Promise<void> {
  await Promise.all([
    clearToken(),
    clearStoredUser(),
  ]);
}

export async function isAuthenticated(): Promise<boolean> {
  const token = await getToken();
  return token !== null;
}