import { useLogto } from '@logto/react';
import { useState, useEffect, useCallback } from 'react';
import { useOrgStore } from './useOrganization';

interface IdTokenClaims {
  sub?: string;
  email?: string;
  name?: string;
  username?: string;
  roles?: string[];
  organization_id?: string;
  [key: string]: unknown;
}

export function useAuth() {
  const { isAuthenticated, isLoading, getIdTokenClaims, signOut, signIn } = useLogto();
  const [claims, setClaims] = useState<IdTokenClaims | null>(null);
  const { currentTenantId, isPlatformAdmin } = useOrgStore();

  useEffect(() => {
    if (isAuthenticated) {
      getIdTokenClaims().then((c) => setClaims(c as IdTokenClaims));
    } else {
      setClaims(null);
    }
  }, [isAuthenticated, getIdTokenClaims]);

  const username = claims?.username ?? claims?.name ?? claims?.email ?? claims?.sub ?? null;
  const roles = (claims?.roles as string[]) ?? [];
  // tenantId is the DB UUID from the org store (set by OrgResolver after /api/me)
  const tenantId = currentTenantId;

  const logout = useCallback(() => {
    signOut(window.location.origin + '/login');
  }, [signOut]);

  return {
    isAuthenticated,
    isLoading,
    username,
    roles,
    tenantId,
    isPlatformAdmin,
    logout,
    signIn,
  };
}