import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle";
import {
	admin,
	// apiKey,
	// createAuthMiddleware,
	//customSession,
	jwt,
	lastLoginMethod,
	username,
} from "better-auth/plugins";
//import { eq } from "drizzle-orm";
import { db } from "../db/db.controller.js";
import * as rawSchema from "../db/schema/auth.schema.js";
import { allowedOrigins } from "./cors.utils.js";
import { sendEmail } from "./sendEmail.utils.js";

export const schema = {
	user: rawSchema.user,
	session: rawSchema.session,
	account: rawSchema.account,
	verification: rawSchema.verification,
	jwks: rawSchema.jwks,
	apiKey: rawSchema.apikey, // 🔑 rename to apiKey
};

export const auth = betterAuth({
	appName: "lst",
	baseURL: process.env.URL,
	database: drizzleAdapter(db, {
		provider: "pg",
		schema,
	}),
	trustedOrigins: allowedOrigins,
	user: {
		additionalFields: {
			role: {
				type: "string",
				//required: false,
				input: false,
			},
		},
	},
	plugins: [
		jwt({ jwt: { expirationTime: "1h" } }),
		//apiKey(),
		admin(),
		lastLoginMethod(),
		username({
			minUsernameLength: 5,
			usernameValidator: (username) => {
				if (username === "admin" || username === "root") {
					return false;
				}
				return true;
			},
		}),

		// customSession(async ({ user, session }) => {
		// 	const roles = await db
		// 		.select({ roles: rawSchema.user.role })
		// 		.from(rawSchema.user)
		// 		.where(eq(rawSchema.user.id, session.id));
		// 	return {
		// 		roles,
		// 		user: {
		// 			...user,
		// 			//newField: "newField",
		// 		},
		// 		session,
		// 	};
		// }),
	],

	emailAndPassword: {
		enabled: true,
		minPasswordLength: 8, // optional config
		resetPasswordTokenExpirySeconds: process.env.RESET_EXPIRY_SECONDS, // time in seconds
		sendResetPassword: async ({ user, token }) => {
			const frontendUrl = `${process.env.URL}/lst/app/user/resetpassword?token=${token}`;
			const expiryMinutes = Math.floor(
				parseInt(process.env.RESET_EXPIRY_SECONDS ?? "3600", 10) / 60,
			);
			const expiryText =
				expiryMinutes >= 60
					? `${expiryMinutes / 60} hour${expiryMinutes === 60 ? "" : "s"}`
					: `${expiryMinutes} minutes`;
			const emailData = {
				email: user.email,
				subject: "LST- Forgot password request",
				template: "forgotPassword",
				context: {
					username: user.name,
					email: user.email,
					url: frontendUrl,
					expiry: expiryText,
				},
			};
			await sendEmail(emailData);
		},
		// onPasswordReset: async ({ user }, request) => {
		//     // your logic here
		//     console.log(`Password for user ${user.email} has been reset.`);
		// },
	},
	session: {
		expiresIn: 60 * 60,
		updateAge: 60 * 5,
		freshAge: 60 * 2,
		cookieCache: {
			enabled: true,
			maxAge: 5 * 60,
		},
	},
	cookie: {
		path: "/lst/app",
		sameSite: "lax",
		secure: false,
		httpOnly: true,
	},
	// hooks: {
	// 	after: createAuthMiddleware(async (ctx) => {
	// 		if (ctx.path.startsWith("/login")) {
	// 			const newSession = ctx.context.newSession;
	// 			if (newSession) {
	// 				// something here later
	// 			}
	// 		}
	// 	}),
	// },
	events: {
		// async onSignInSuccess({ user }: { user: User }) {
		// 	await db
		// 		.update(rawSchema.user)
		// 		.set({ lastLogin: new Date() })
		// 		.where(eq(schema.user.id, user.id));
		// },
	},
});