import { useState, useEffect } from 'react'
import api from '@/services/api'

export interface AuthConfig {
  oidcEnabled: boolean
  oidcOnly: boolean
  passwordLogin: boolean
  oidcLoginUrl: string
}

const DEFAULT: AuthConfig = {
  oidcEnabled: false,
  oidcOnly: false,
  passwordLogin: true,
  oidcLoginUrl: '/auth/oidc/login',
}

let cache: AuthConfig | null = null
let inflight: Promise<AuthConfig> | null = null

async function load(): Promise<AuthConfig> {
  if (cache) return cache
  if (inflight) return inflight
  inflight = api
    .get('/auth/config')
    .then(({ data }) => {
      cache = {
        oidcEnabled: !!data.oidc_enabled,
        oidcOnly: !!data.oidc_only,
        passwordLogin: data.password_login !== false,
        oidcLoginUrl: data.oidc_login_url || '/auth/oidc/login',
      }
      return cache
    })
    .catch(() => {
      // Backend unreachable / old backend without /auth/config:
      // fall back to password-only so login is never fully blocked.
      cache = { ...DEFAULT }
      return cache
    })
    .finally(() => {
      inflight = null
    })
  return inflight
}

/** Absolute backend URL for full-page OIDC redirects. */
const BACKEND_BASE = import.meta.env.VITE_HF_BACKEND_BASE_URL || ''

export function oidcLoginHref(cfg: AuthConfig): string {
  return `${BACKEND_BASE}${cfg.oidcLoginUrl}`
}

export function oidcLinkHref(): string {
  return `${BACKEND_BASE}/auth/oidc/link`
}

export function useAuthConfig() {
  const [config, setConfig] = useState<AuthConfig | null>(cache)
  const [loading, setLoading] = useState(!cache)

  useEffect(() => {
    let alive = true
    load().then((c) => {
      if (alive) {
        setConfig(c)
        setLoading(false)
      }
    })
    return () => {
      alive = false
    }
  }, [])

  return { config: config ?? DEFAULT, loading }
}