import { writable } from 'svelte/store';
import { browser } from '$app/environment';

const TOKEN_KEY = 'eventsnap_jwt';
const PIN_KEY = 'eventsnap_pin';
const USER_ID_KEY = 'eventsnap_user_id';

export const isAuthenticated = writable(false);

export function getToken(): string | null {
	if (!browser) return null;
	return localStorage.getItem(TOKEN_KEY);
}

export function getPin(): string | null {
	if (!browser) return null;
	return localStorage.getItem(PIN_KEY);
}

export function getUserId(): string | null {
	if (!browser) return null;
	return localStorage.getItem(USER_ID_KEY);
}

export function setAuth(jwt: string, pin: string | null, userId: string): void {
	if (!browser) return;
	localStorage.setItem(TOKEN_KEY, jwt);
	if (pin) localStorage.setItem(PIN_KEY, pin);
	localStorage.setItem(USER_ID_KEY, userId);
	isAuthenticated.set(true);
}

export function clearAuth(): void {
	if (!browser) return;
	localStorage.removeItem(TOKEN_KEY);
	localStorage.removeItem(USER_ID_KEY);
	// PIN is intentionally kept so the user can recover
	isAuthenticated.set(false);
}

export function getRole(): 'guest' | 'host' | 'admin' | null {
	const token = getToken();
	if (!token) return null;
	try {
		const payload = JSON.parse(atob(token.split('.')[1]));
		return payload.role ?? null;
	} catch {
		return null;
	}
}

export function initAuth(): void {
	if (!browser) return;
	isAuthenticated.set(!!getToken());
}