import { SvelteKitAuth }  from '@auth/sveltekit';
import Credentials from '@auth/sveltekit/providers/credentials';
import { db, users } from '$lib/server/db.js';
import { eq } from 'drizzle-orm';
import { verifyPassword, createMoodleUser } from '$lib/server/auth.js';
import { moodleLogin } from '$lib/server/moodle.js';

export const { handle, signIn, signOut } = SvelteKitAuth({
  providers: [
    //локальный аккаунт (email + пароль)
    Credentials({
      id: 'local',
      name: 'Локальный аккаунт',
      credentials: {
        email: { label: 'Email',  type: 'email' },
        password: { label: 'Пароль', type: 'password' },
      },
      async authorize({ email, password }) {
        if (!email || !password) return null;
        const user = db.select().from(users).where(eq(users.email, email)).get();
        if (!user || user.authType !== 'local' || !user.passwordHash) return null;
        if (!verifyPassword(password, user.passwordHash)) return null;

        return {
          id: user.id,
          name: user.username,
          email: user.email,
          authType: 'local',
        };
      },
    }),

    //вход через Moodle
    Credentials({
      id: 'moodle',
      name: 'Moodle',
      credentials: {
        username: { label: 'Логин Moodle', type: 'text' },
        password: { label: 'Пароль', type: 'password' },
      },
      async authorize({ username, password }) {
        if (!username || !password) return null;
        try {
          //проверяем логин/пароль через Moodle API (moodle.js)
          const mUser = await moodleLogin(username, password);
          //создаём или находим пользователя в нашей БД
          const userId = createMoodleUser(mUser.moodleId, mUser.username, mUser.email);
          const user = db.select().from(users).where(eq(users.id, userId)).get();
          return {
            id: user.id,
            name: user.username,
            email: user.email,
            authType: 'moodle',
            moodleId: user.moodleId,
          };
        } catch {
          return null; //неверный логин/пароль
        }
      },
    }),

  ],

  callbacks: {
    //добавляем в JWT токен
    jwt({ token, user }) {
      if (user) {
        token.id = user.id;
        token.authType = user.authType;
        token.moodleId = user.moodleId ?? null;
      }
      return token;
    },
    //передаём в объект сессии
    session({ session, token }) {
      session.user.id = token.id;
      session.user.authType = token.authType;
      session.user.moodleId = token.moodleId ?? null;
      return session;
    },
  },

  pages: {
    signIn: '/login',
  },
  trustHost: true,
});