// Backend-aware auth + admin helpers.
//
// On the live deployment (CapRover) these talk to the real API so registrations
// land in PostgreSQL and the admin dashboard sees EVERY user, on every device.
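// In the local preview (no backend) every call transparently falls back to the
// browser's localStorage 'aw.creds' store, so the prototype keeps working offline.
// The same fallback also runs on a live deployment whenever a request fails,
// times out, or returns a status the helper does not handle. That store keeps the
// password in clear text and can be read and edited by any script on the origin.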
//
// Same shape is returned either way: a "creds map" { [email]: { name, bereich,
// colorIdx, premium, banned, joined, ... } } for the admin views, and a "profile"
// object for the logged-in user.

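// localStorage key of the offline fallback store: one JSON object keyed by
// lower-cased e-mail.
// SECURITY: awRegister() writes the password into this store in clear text, and
// localStorage can be read and modified by every script on the origin and by
// the user. Treat whatever comes back from it as untrusted input.
const AW_CREDS_KEY = 'aw.creds';

/**
 * Read the local creds map from localStorage.
 * @returns {Object} the stored map, or an empty object when the key is missing,
 *   the JSON is malformed, storage is unavailable, or the stored value is not
 *   a plain object.
 */
const _loadCreds = () => {
  try {
    const parsed = JSON.parse(localStorage.getItem(AW_CREDS_KEY) || '{}');
    // Valid JSON such as `null`, `[]` or `"x"` is not a map. Callers index the
    // result by e-mail, so a tampered or corrupted value must not reach them.
    const isMap = parsed !== null && typeof parsed === 'object' && !Array.isArray(parsed);
    return isMap ? parsed : {};
  } catch {
    return {};
  }
};

/**
 * Persist the local creds map.
 * @param {Object} c - creds map to serialize under AW_CREDS_KEY.
 */
const _saveCreds = (c) => {
  try {
    localStorage.setItem(AW_CREDS_KEY, JSON.stringify(c));
  } catch {
    // Best-effort: a full or disabled storage must not break the caller.
  }
};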

/**
 * fetch() wrapper that aborts after a short timeout, so the preview (which has
 * no backend) reaches its local fallback quickly.
 *
 * `opts` is spread last, so a caller-supplied `credentials` or `signal`
 * replaces the defaults set here. The timer is cleared as soon as fetch()
 * settles, so reading the response body afterwards is not covered by it.
 *
 * @param {string} path - request URL.
 * @param {Object} [opts] - extra fetch options, merged over the defaults.
 * @param {number} [ms] - timeout in milliseconds.
 * @returns {Promise<Response>} the response; rejects on network error or abort.
 */
async function _fetch(path, opts = {}, ms = 4000) {
  const controller = new AbortController();
  const timer = setTimeout(() => {
    controller.abort();
  }, ms);
  try {
    const init = { credentials: 'same-origin', signal: controller.signal, ...opts };
    return await fetch(path, init);
  } finally {
    clearTimeout(timer);
  }
}

/**
 * Convert a backend user row into the local "creds entry" shape used by the
 * admin pages. Both camelCase and snake_case field names are accepted.
 *
 * The `banned`, `isAdmin` and `premium` values are copied from the response as
 * given. NOTE(review): they should only drive what the UI displays; the access
 * decision itself presumably lives in the API, which is not visible here.
 *
 * @param {Object} u - user row as returned by the backend.
 * @returns {Object} creds entry, tagged with `_backend: true`.
 */
const _userToCredEntry = (u) => {
  const colorIdx = u.colorIdx ?? u.color_idx ?? 0;
  const joined = u.joined || u.created_at;

  // Keep an explicit premium object when present, otherwise derive one from
  // the boolean-like premium_active column.
  let premium = u.premium;
  if (!premium) {
    premium = u.premium_active ? { active: true } : null;
  }

  const banned = Boolean(u.banned);
  const isAdmin = Boolean(u.isAdmin || u.is_admin);

  return {
    name: u.name,
    email: u.email,
    bereich: u.bereich,
    colorIdx,
    joined,
    premium,
    banned,
    isAdmin,
    id: u.id,
    city: u.city,
    plz: u.plz,
    _backend: true,
  };
};

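// ---- REGISTER ----
/**
 * Register a new profile: backend first, localStorage as fallback.
 *
 * SECURITY: the local fallback stores the password in clear text in
 * localStorage. It runs not only in the preview but whenever the request
 * fails, times out, or returns a status other than 2xx/400/409, so a backend
 * outage on a live deployment also leaves the password in the browser store.
 * NOTE(review): consider restricting the fallback to preview builds, or at
 * least not persisting the password.
 *
 * @param {Object} input
 * @param {string} input.name - display name; trimmed.
 * @param {string} input.email - trimmed and lower-cased to form the key.
 * @param {string} input.password
 * @param {*} input.bereich
 * @param {*} input.colorIdx
 * @returns {Promise<Object>} `{ ok: true, profile, source }` with source
 *   'backend' or 'local', or `{ ok: false, error }`.
 */
async function awRegister({ name, email, password, bereich, colorIdx }) {
  const key = (email || '').trim().toLowerCase();
  const profile = { name: (name || '').trim(), email: key, bereich, colorIdx, joined: new Date().toISOString() };
  // Try backend first.
  try {
    const r = await _fetch('/api/auth/register', {
      method: 'POST', headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ name: profile.name, email: key, password, bereich, colorIdx }),
    });
    if (r.ok) {
      // The account exists on the server at this point. An unreadable body must
      // not fall through to the local path, which would store the password
      // locally and create a second, local-only profile for the same e-mail.
      const j = await r.json().catch(() => ({}));
      return { ok: true, profile: j?.user || profile, source: 'backend' };
    }
    if (r.status === 409) return { ok: false, error: 'Für diese E-Mail gibt es schon ein Profil. Bitte anmelden.' };
    if (r.status === 400) {
      const j = await r.json().catch(() => ({}));
      return { ok: false, error: j?.error || 'Eingaben prüfen.' };
    }
    // other server error → fall through to local
  } catch (e) { /* no backend → local */ }
  // Local fallback.
  const creds = _loadCreds();
  // Own-property check: a key that matches a member inherited from
  // Object.prototype must not be reported as an existing profile.
  const exists = Object.prototype.hasOwnProperty.call(creds, key) && creds[key];
  if (exists) return { ok: false, error: 'Für diese E-Mail gibt es schon ein Profil. Bitte anmelden.' };
  // defineProperty always creates an own data property, so a key such as
  // '__proto__' is stored as data instead of replacing the map's prototype.
  Object.defineProperty(creds, key, {
    value: { password, ...profile },
    enumerable: true,
    writable: true,
    configurable: true,
  });
  _saveCreds(creds);
  return { ok: true, profile, source: 'local' };
}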

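// ---- LOGIN ----
/**
 * Log in: backend first, localStorage as fallback.
 *
 * SECURITY: the local branch compares against a clear-text password kept in
 * localStorage, which the user and any script on the origin can edit. A result
 * with `source: 'local'` is therefore a preview convenience and not proof of
 * identity; no server session is created by it in this function.
 * NOTE(review): every backend status other than 2xx and 401 (for example 403,
 * 429 or 5xx) also falls through to the local check. Confirm that callers do
 * not grant anything server-relevant on a 'local' result.
 *
 * @param {Object} input
 * @param {string} input.email - trimmed and lower-cased to form the key.
 * @param {string} input.password
 * @returns {Promise<Object>} `{ ok: true, profile, source }` or
 *   `{ ok: false, error }`.
 */
async function awLogin({ email, password }) {
  const key = (email || '').trim().toLowerCase();
  try {
    const r = await _fetch('/api/auth/login', {
      method: 'POST', headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ email: key, password }),
    });
    if (r.ok) { const j = await r.json(); return { ok: true, profile: j.user, source: 'backend' }; }
    if (r.status === 401) return { ok: false, error: 'E-Mail oder Passwort falsch.' };
  } catch (e) { /* no backend → local */ }
  const creds = _loadCreds();
  // Own-property lookup only: members inherited from Object.prototype are not
  // profiles and must not be treated as a stored entry.
  const stored = Object.prototype.hasOwnProperty.call(creds, key) ? creds[key] : undefined;
  if (!stored) return { ok: false, error: 'Kein Profil mit dieser E-Mail. Bitte zuerst registrieren.' };
  // An entry without a stored password never matches, so a missing password
  // on both sides cannot compare equal.
  if (stored.password == null || stored.password !== password) return { ok: false, error: 'Passwort stimmt nicht. Bitte erneut versuchen.' };
  if (stored.banned) return { ok: false, error: 'Dieses Konto wurde gesperrt. Bitte wende dich an den Support.' };
  // The returned profile deliberately omits the password field.
  return { ok: true, profile: { name: stored.name, email: key, bereich: stored.bereich, colorIdx: stored.colorIdx, joined: stored.joined }, source: 'local' };
}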

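// ---- ADMIN: load all profiles as a creds-map ----
/**
 * Load every profile as a creds map keyed by lower-cased e-mail.
 * Tries the backend admin endpoint and falls back to localStorage when the
 * request fails, is not OK, or does not return an array.
 *
 * SECURITY: in the 'local' case the map is the raw local store, whose entries
 * include the clear-text `password` field written by awRegister(). Admin views
 * should not render or log that field.
 * NOTE(review): access control for /api/admin/users is presumably enforced by
 * the API; nothing in this function checks the caller's role.
 *
 * @returns {Promise<Object>} `{ map, source }` with source 'backend' or 'local'.
 */
async function awLoadProfiles() {
  try {
    const r = await _fetch('/api/admin/users', { headers: { 'Accept': 'application/json' } });
    if (r.ok) {
      const rows = await r.json();
      if (Array.isArray(rows)) {
        // Object.fromEntries defines own data properties, so an e-mail value
        // such as '__proto__' coming from the server becomes an ordinary key
        // instead of replacing the prototype of the map.
        const map = Object.fromEntries(
          rows.map((u) => [(u.email || '').toLowerCase(), _userToCredEntry(u)]),
        );
        return { map, source: 'backend' };
      }
    }
  } catch (e) { /* no backend / not admin → local */ }
  return { map: _loadCreds(), source: 'local' };
}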

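// ---- ADMIN: delete a profile (backend + local) ----
/**
 * Delete a profile on the backend (when an id is given) and in the local store.
 * Only deletion is implemented here; there is no ban call in this function.
 *
 * The local entry is removed regardless of the backend outcome. A refusal from
 * the backend (for example 403 or 5xx) is logged so that it is not mistaken
 * for a completed deletion; an unreachable backend stays silent because that
 * is the normal preview case.
 *
 * @param {string} email - profile e-mail; trimmed and lower-cased for lookup.
 * @param {*} [id] - backend user id; the backend call is skipped when nullish.
 * @returns {Promise<void>}
 */
async function awDeleteProfile(email, id) {
  if (id != null) {
    try {
      const r = await _fetch(`/api/admin/users/${encodeURIComponent(id)}`, { method: 'DELETE' });
      if (!r.ok) console.warn('awDeleteProfile: backend DELETE returned status', r.status);
    } catch {
      // no backend (preview) or timeout → local-only delete
    }
  }
  // Same normalization as awRegister/awLogin, so padded input still matches.
  const key = (email || '').trim().toLowerCase();
  const creds = _loadCreds();
  // Own-property check keeps inherited Object.prototype members out of the lookup.
  if (Object.prototype.hasOwnProperty.call(creds, key)) {
    delete creds[key];
    _saveCreds(creds);
  }
}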

// Publish the helpers as globals for the pages that call them. Anything on
// `window` is reachable by every script on the page, including awLoadProfiles
// and awDeleteProfile.
window.awRegister = awRegister;
window.awLogin = awLogin;
window.awLoadProfiles = awLoadProfiles;
window.awDeleteProfile = awDeleteProfile;
