cameleer-server/ui/src/auth/use-auth.ts

import { useEffect } from 'react';
import { useAuthStore } from './auth-store';
import { configureAuth } from '../api/client';
import { useNavigate } from 'react-router';

export function useAuth() {
  const { accessToken, isAuthenticated, refresh, logout } = useAuthStore();
  const navigate = useNavigate();

  // Wire onUnauthorized handler (needs navigate from router context)
  useEffect(() => {
    configureAuth({
      onUnauthorized: async () => {
        const ok = await useAuthStore.getState().refresh();
        if (!ok) {
          useAuthStore.getState().logout();
          navigate('/login', { replace: true });
        }
      },
    });
  }, [navigate]);

  // Auto-refresh: check token expiry every 30s
  useEffect(() => {
    if (!isAuthenticated) return;
    const interval = setInterval(async () => {
      const token = useAuthStore.getState().accessToken;
      if (!token) return;
      try {
        const payload = JSON.parse(atob(token.split('.')[1]));
        const expiresIn = payload.exp * 1000 - Date.now();
        // Refresh when less than 5 minutes remaining
        if (expiresIn < 5 * 60 * 1000) {
          await refresh();
        }
      } catch {
        // Token parse failure — ignore, will fail on next API call
      }
    }, 30_000);
    return () => clearInterval(interval);
  }, [isAuthenticated, refresh]);

  return { accessToken, isAuthenticated, logout };
}