import { create } from 'zustand';
import { persist } from 'zustand/middleware';

interface Organization {
  id: string;
  name: string;
  role: string;
  schemaName?: string;
  status?: string;
  settings?: Record<string, any>;
}

interface User {
  id: string;
  email: string;
  firstName: string;
  lastName: string;
  isSuperadmin?: boolean;
  isPlatformOwner?: boolean;
  hasSeenIntro?: boolean;
}

interface ImpersonationOriginal {
  token: string;
  user: User;
  organizations: Organization[];
  currentOrg: Organization | null;
}

interface AuthState {
  token: string | null;
  user: User | null;
  organizations: Organization[];
  currentOrg: Organization | null;
  impersonationOriginal: ImpersonationOriginal | null;
  setAuth: (token: string, user: User, organizations: Organization[]) => void;
  setCurrentOrg: (org: Organization, token?: string) => void;
  setUserIntroSeen: () => void;
  setOrgSettings: (settings: Record<string, any>) => void;
  startImpersonation: (token: string, user: User, organizations: Organization[]) => void;
  stopImpersonation: () => void;
  logout: () => void;
}

/** Hook to check if the current user has read-only (viewer) access */
export const useIsReadOnly = () => useAuthStore((s) => s.currentOrg?.role === 'viewer');

export const useAuthStore = create<AuthState>()(
  persist(
    (set, get) => ({
      token: null,
      user: null,
      organizations: [],
      currentOrg: null,
      impersonationOriginal: null,
      setAuth: (token, user, organizations) =>
        set({
          token,
          user,
          organizations,
          // Don't auto-select org — force user through SelectOrgPage
          currentOrg: null,
        }),
      setCurrentOrg: (org, token) =>
        set((state) => ({
          currentOrg: org,
          token: token || state.token,
        })),
      setUserIntroSeen: () =>
        set((state) => ({
          user: state.user ? { ...state.user, hasSeenIntro: true } : null,
        })),
      setOrgSettings: (settings) =>
        set((state) => ({
          currentOrg: state.currentOrg
            ? { ...state.currentOrg, settings: { ...(state.currentOrg.settings || {}), ...settings } }
            : null,
        })),
      startImpersonation: (token, user, organizations) => {
        const state = get();
        set({
          impersonationOriginal: {
            token: state.token!,
            user: state.user!,
            organizations: state.organizations,
            currentOrg: state.currentOrg,
          },
          token,
          user,
          organizations,
          currentOrg: null,
        });
      },
      stopImpersonation: () => {
        const { impersonationOriginal } = get();
        if (impersonationOriginal) {
          set({
            token: impersonationOriginal.token,
            user: impersonationOriginal.user,
            organizations: impersonationOriginal.organizations,
            currentOrg: impersonationOriginal.currentOrg,
            impersonationOriginal: null,
          });
        }
      },
      logout: () =>
        set({
          token: null,
          user: null,
          organizations: [],
          currentOrg: null,
          impersonationOriginal: null,
        }),
    }),
    {
      name: 'ledgeriq-auth',
      version: 5,
      migrate: () => ({
        token: null,
        user: null,
        organizations: [],
        currentOrg: null,
        impersonationOriginal: null,
      }),
    },
  ),
);