import { createClient } from "./supabase/server";
import { db } from "./db";
import { usuariosApp } from "./schema";
import { eq } from "drizzle-orm";

/** Roles the application recognises for a signed-in user. */
export type UserRole = "admin" | "inquilino";

/**
 * Application sections that permissions are expressed against.
 * `as const` narrows the type only; the array is not frozen at runtime.
 */
export const SECTIONS = [
  "dashboard",
  "pagos",
  "graficas",
  "ajustes-ipc",
  "servicios",
  "historial",
  "usuarios",
] as const;

/**
 * Every scope string the app defines: `<section>:ver` followed by
 * `<section>:editar`, in SECTIONS order. This is the full set handed to admins.
 *
 * It is a plain mutable array shared by every importer, so copy it before
 * modifying; pushing onto it would change what every later session is granted.
 */
export const ALL_SCOPES = SECTIONS.flatMap((section) =>
  ["ver", "editar"].map((action) => `${section}:${action}`),
);

/**
 * Read-only scopes used when nothing more specific is stored for a user.
 * It is also a plain mutable array, so copy it before modifying.
 */
export const DEFAULT_INQUILINO_SCOPES = [
  "dashboard:ver",
  "pagos:ver",
  "graficas:ver",
];

/**
 * The signed-in user as seen by the rest of the app, built by `auth()`.
 *
 * Authorization decisions should rely on `role` and `permisos` only.
 */
export interface SessionUser {
  // Display name: `usuarios_app.nombre` when a row exists, otherwise the
  // Supabase `user_metadata.name`, then the e-mail, then "". Supabase lets the
  // account holder edit user_metadata, so treat this as display text only.
  name: string;
  // E-mail reported by Supabase Auth, or "" when the account has none.
  email: string;
  // Role taken from `usuarios_app.rol`; "inquilino" when no row was found.
  role: UserRole;
  // Supabase Auth user id; the key used to find the `usuarios_app` row.
  authUid: string;
  // Granted scopes in "<section>:<ver|editar>" form (see ALL_SCOPES).
  permisos: string[];
}

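/**
 * Resolve the current request's user together with their role and scopes.
 *
 * Identity comes from `supabase.auth.getUser()`. Role, display name and scopes
 * come from the `usuarios_app` row whose `authUid` matches the Supabase user
 * id. Admins always receive a copy of ALL_SCOPES; other users receive the
 * scopes stored on their row, or a copy of DEFAULT_INQUILINO_SCOPES when the
 * row has no array.
 *
 * @returns `{ user }` for a signed-in user, or `null` when Supabase reports no
 *   user. An error from `getUser()` also ends up as `null`, so it fails closed.
 */
export async function auth(): Promise<{ user: SessionUser } | null> {
  const supabase = await createClient();
  // NOTE(review): getUser() is expected to re-validate the session with the
  // Supabase Auth server; keep it rather than switching to getSession() here.
  const {
    data: { user },
  } = await supabase.auth.getUser();
  if (!user) return null;

  // Start from the least-privileged role and the default read-only scopes.
  let role: UserRole = "inquilino";
  // user_metadata can be edited by the account holder, so it is used only as a
  // display name. Check the runtime type rather than trusting a cast.
  const metadataName: unknown = user.user_metadata?.name;
  let nombre = (typeof metadataName === "string" && metadataName) || user.email || "";
  let permisos: string[] = [...DEFAULT_INQUILINO_SCOPES];
  try {
    const [appUser] = await db
      .select({ rol: usuariosApp.rol, nombre: usuariosApp.nombre, permisos: usuariosApp.permisos })
      .from(usuariosApp)
      .where(eq(usuariosApp.authUid, user.id))
      .limit(1);
    if (appUser) {
      // Only the exact value "admin" elevates. Any other stored value maps to
      // the low-privilege role instead of being cast through unchecked.
      role = appUser.rol === "admin" ? "admin" : "inquilino";
      nombre = appUser.nombre;
      if (role === "admin") {
        permisos = [...ALL_SCOPES];
      } else if (Array.isArray(appUser.permisos)) {
        // Drop non-string entries so the declared string[] type holds at runtime.
        // NOTE(review): entries are not checked against ALL_SCOPES; confirm
        // whether scopes outside that list are ever stored before filtering on it.
        permisos = (appUser.permisos as unknown[]).filter(
          (scope): scope is string => typeof scope === "string",
        );
      }
    }
    // NOTE(review): an authenticated Supabase user with no usuarios_app row keeps
    // the default inquilino scopes. Confirm that is intended if sign-up is open.
  } catch (error: unknown) {
    // Table might not exist yet during initial setup, so the lookup stays
    // best-effort, but the failure is logged instead of being swallowed.
    // NOTE(review): a transient DB error gives an admin fewer scopes (safe), but
    // gives a tenant whose stored scopes are narrower than the defaults more
    // access than was granted. Consider failing closed once setup is complete.
    console.error("auth: usuarios_app lookup failed; using default inquilino scopes", error);
  }

  return {
    user: {
      name: nombre,
      email: user.email || "",
      role,
      authUid: user.id,
      permisos,
    },
  };
}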
