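import NextAuth from "next-auth"

import { env } from "@/env/server"

import type { NextAuthConfig, User } from "next-auth"
import type { OIDCConfig } from "next-auth/providers"

// Diagnostic output from the auth callbacks contains OIDC profile claims,
// session objects and JWT contents. Printing those unconditionally puts
// credentials and personal data into server logs (and any log aggregation
// behind them), so the dumps are emitted only in local development builds.
const isDevelopment = process.env.NODE_ENV === "development"

/**
 * Print a labelled diagnostic dump, in development builds only.
 *
 * @param label - Name of the callback or event being traced.
 * @param payload - Value to dump; may contain tokens or claims, which is
 *   why this is a no-op outside development.
 */
function debugLog(label: string, payload?: unknown) {
  if (!isDevelopment) {
    return
  }
  console.log(`****** ${label} *******`)
  console.log(payload)
  console.log(`****** END - ${label} *******`)
}

/**
 * OIDC provider definition for the Curity identity server.
 *
 * Client credentials and endpoint base URL are read from the server-side
 * env module; the endpoint URLs are given explicitly rather than discovered.
 */
const customProvider = {
  clientId: env.CURITY_CLIENT_ID_USER,
  clientSecret: env.CURITY_CLIENT_SECRET_USER,
  id: "curity",
  name: "Curity",
  type: "oidc",
  // FIXME: This is incorrect. We should not hard code this.
  // It should be ${env.CURITY_ISSUER_USER}.
  // This change requires sync between Curity deploy and CurrentWeb and NewWeb.
  // NOTE(review): in OIDC the issuer is the value the ID token's `iss` claim
  // is checked against, while the endpoints below use CURITY_ISSUER_USER.
  // Until the two agree, confirm which host the tokens are really issued by.
  issuer: "https://scandichotels.com",
  authorization: {
    url: `${env.CURITY_ISSUER_USER}/oauth/v2/authorize`,
    params: {
      scope: ["openid"],
    },
  },
  token: {
    url: `${env.CURITY_ISSUER_USER}/oauth/v2/token`,
  },
  userinfo: {
    url: `${env.CURITY_ISSUER_USER}/oauth/v2/userinfo`,
  },
  /**
   * Map the provider's profile claims onto the user object kept by NextAuth.
   * Only `id`, `sub` and `given_name` are carried over.
   */
  profile(profile) {
    debugLog("PROFILE", { profile })
    return {
      id: profile.id,
      sub: profile.sub,
      given_name: profile.given_name,
    }
  },
} satisfies OIDCConfig

/**
 * NextAuth configuration: a single Curity OIDC provider and JWT sessions.
 */
export const config = {
  // basePath: "/api/auth",
  // pages: {
  //   signIn: "/auth/login",
  // },
  providers: [customProvider],
  redirectProxyUrl: env.NEXTAUTH_REDIRECT_PROXY_URL,
  // NOTE(review): with trustHost enabled the request's host information is
  // trusted when building URLs. Confirm the deployment sits behind a proxy
  // that sets or overwrites the Host / X-Forwarded-Host headers.
  trustHost: true,
  session: {
    strategy: "jwt",
  },
  callbacks: {
    /** Accepts every sign-in attempt that reaches this callback. */
    async signIn(...args) {
      debugLog("SIGN IN", args)
      return true
    },

    /**
     * Expose the token subject as `session.user.id` when the session has a
     * user; otherwise return the session unchanged.
     */
    async session({ session, token, user }) {
      debugLog("SESSION", { session, token, user })
      if (!session.user) {
        return session
      }
      return {
        ...session,
        user: {
          ...session.user,
          id: token.sub,
        },
      }
    },

    /**
     * Decide where to send the browser after an auth flow.
     *
     * Relative URLs are resolved against `baseUrl`; absolute URLs are kept
     * only when their origin equals `baseUrl`. Everything else, including a
     * value that is not a parseable URL, falls back to `baseUrl`, so a
     * caller-supplied callback URL cannot redirect off-site.
     */
    async redirect({ baseUrl, url }) {
      debugLog("REDIRECT", { baseUrl, url })
      // Allows relative callback URLs
      if (url.startsWith("/")) {
        return `${baseUrl}${url}`
      }
      try {
        // Allows callback URLs on the same origin
        if (new URL(url).origin === baseUrl) {
          return url
        }
      } catch {
        // `new URL` throws on malformed input; treat that like a foreign
        // origin instead of failing the whole request.
      }
      return baseUrl
    },

    /**
     * NOTE(review): this returns true for every request, so wherever this
     * callback is used as an access gate it lets unauthenticated requests
     * through. Confirm that is intended before relying on it for protection.
     */
    async authorized({ auth, request }) {
      debugLog("AUTHORIZED", { auth, request })
      return true
    },

    /** Returns the token unchanged. */
    async jwt({ session, token, trigger }) {
      debugLog("JWT", { session, token, trigger })
      return token
    },
  },
  events: {
    async signIn(...args) {
      debugLog("SIGNIN EVENT ARGS", args)
    },
    async session(...args) {
      debugLog("SESSION EVENT ARGS", args)
    },
  },
  logger: {
    error(code, ...message) {
      console.info("ERROR LOGGER")
      console.error(code, message)
    },
    warn(code, ...message) {
      console.info("WARN LOGGER")
      console.warn(code, message)
    },
    debug(code, ...message) {
      console.info("DEBUG LOGGER")
      console.debug(code, message)
    },
  },
} satisfies NextAuthConfig

export const {
  handlers: { GET, POST },
  auth,
  signIn,
  signOut,
} = NextAuth(config)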