import api from "@/lib/axios";
import { CurrentUser } from "@/types/auth";
import { NextAuthOptions } from "next-auth";
import CredentialsProvider from "next-auth/providers/credentials"

/**
 * Parse expiresIn string (e.g., "1h", "30m", "1d") to milliseconds
 */
function parseExpiresInToMs(expiresIn: string): number {
    const match = expiresIn.match(/^(\d+)([smhd])$/)
    if (!match) {
        return 24 * 60 * 60 * 1000 // Default 1 day
    }

    const value = parseInt(match[1], 10)
    const unit = match[2]

    switch (unit) {
        case 's': return value * 1000
        case 'm': return value * 60 * 1000
        case 'h': return value * 60 * 60 * 1000
        case 'd': return value * 24 * 60 * 60 * 1000
        default: return 24 * 60 * 60 * 1000
    }
}

export const authOptions: NextAuthOptions = {
    providers: [
        CredentialsProvider({
            name: "credentials",
            credentials: {
                email: { label: "Email", type: "email" },
                password: { label: "Password", type: "password" }
            },
            async authorize(credentials) {
                try {
                    if (!credentials?.email || !credentials?.password) {
                        return null
                    }

                    const response = await api.post("/auth/login", {
                        email: credentials.email,
                        password: credentials.password,
                    })

                    if (response.data.access_token && response.data.user) {
                        const user: CurrentUser = response.data.user
                        return {
                            id: user.id.toString(),
                            email: user.email,
                            name: user.name,
                            role: user.role,
                            avatar: user.avatar,
                            attendanceMethod: user.attendanceMethod,
                            biometricDeviceId: user.biometricDeviceId,
                            isActive: user.isActive,
                            accessToken: response.data.access_token,
                            expiresIn: response.data.expiresIn,
                        }
                    }

                    return null
                } catch (error) {
                    console.error("Authentication error:", error)
                    return null
                }
            }
        })
    ],
    callbacks: {
        async jwt({ token, user }) {
            if (user) {
                token.accessToken = user.accessToken
                token.expiresIn = user.expiresIn
                const expiresInMs = parseExpiresInToMs(user.expiresIn)
                token.tokenExpiry = Date.now() + expiresInMs
                token.role = user.role
                token.attendanceMethod = user.attendanceMethod
                token.biometricDeviceId = user.biometricDeviceId
                token.isActive = user.isActive
            }
            // Check if token has expired and return null to force re-authentication
            if (token.tokenExpiry && Date.now() > token.tokenExpiry) {
                return {} as typeof token
            }
            return token
        },
        async session({ session, token }) {
            // If token is expired, return null to force re-authentication
            if (!token.tokenExpiry || Date.now() > token.tokenExpiry) {
                return null as any
            }
            if (token) {
                session.user.id = Number(token.sub!)
                session.user.role = token.role as any
                session.user.attendanceMethod = token.attendanceMethod as any
                session.user.biometricDeviceId = token.biometricDeviceId as any
                session.user.isActive = token.isActive as any
            }
            return session
        }
    },
    pages: {
        signIn: "/login",
        error: "/login",
    },
    session: {
        strategy: "jwt",
    },
    secret: process.env.NEXTAUTH_SECRET,
}