import { NextAuthOptions } from "next-auth";
import CredentialsProvider from "next-auth/providers/credentials";
import { prisma } from "@/lib/prisma";
import { config } from "@/lib/config";
import { authenticateUser, UTBApiError, UTB_ROLE_MAP } from "@/lib/utb-api";
import type { Role } from "@prisma/client";

export const authOptions: NextAuthOptions = {
  secret: config.nextAuth.secret,
  providers: [
    CredentialsProvider({
      name: "credentials",
      credentials: {
        username: { label: "Usuario", type: "text" },
        password: { label: "Contraseña", type: "password" }
      },
      async authorize(credentials) {
        if (!credentials?.username || !credentials?.password) {
          return null;
        }

        try {
          // Autenticar con API UTB
          const utbResponse = await authenticateUser(
            credentials.username,
            credentials.password
          );

          // Mapear rol UTB a rol interno
          const role = UTB_ROLE_MAP[utbResponse.user.tipo] || 'PATIENT';

          // Buscar usuario existente por identificación
          let user = await prisma.user.findFirst({
            where: {
              OR: [
                { identificacion: utbResponse.user.identificacion },
                { username: credentials.username }
              ]
            }
          });

          if (user) {
            // Actualizar datos del usuario existente
            user = await prisma.user.update({
              where: { id: user.id },
              data: {
                name: utbResponse.user.nombres,
                lastname: utbResponse.user.apellidos,
                dateOfBirth: new Date(utbResponse.user.fecha_nacimiento),
                role,
                identificacion: utbResponse.user.identificacion,
                isExternalAuth: true,
              }
            });
          } else {
            // Crear nuevo usuario
            user = await prisma.user.create({
              data: {
                username: credentials.username,
                identificacion: utbResponse.user.identificacion,
                name: utbResponse.user.nombres,
                lastname: utbResponse.user.apellidos,
                dateOfBirth: new Date(utbResponse.user.fecha_nacimiento),
                role,
                isExternalAuth: true,
              }
            });
          }

          return {
            id: user.id,
            email: user.email || '',
            name: user.name,
            lastname: user.lastname,
            role: user.role,
            profileImage: user.profileImage || undefined,
            isExternalAuth: user.isExternalAuth,
            identificacion: user.identificacion || undefined,
            phone: user.phone || undefined,
            dateOfBirth: user.dateOfBirth || undefined,
            gender: user.gender || undefined,
            address: user.address || undefined,
            emergencyContact: user.emergencyContact || undefined,
            medicalHistory: user.medicalHistory || undefined,
            allergies: user.allergies || undefined,
            currentMedications: user.currentMedications || undefined,
          };
        } catch (error) {
          if (error instanceof UTBApiError) {
            console.error("Error UTB API:", error.message);
          } else {
            console.error("Error en authorize:", error);
          }
          return null;
        }
      }
    })
  ],
  session: {
    strategy: "jwt",
    maxAge: config.session.maxAge, // Configurado desde variables de entorno
  },
  jwt: {
    maxAge: config.session.jwtMaxAge, // Configurado desde variables de entorno
  },
  callbacks: {
    async jwt({ token, user, trigger, session }) {
      // Durante login inicial - copiar todos los datos del usuario
      if (user) {
        return { ...token, ...user };
      }
      
      // Durante actualización con update() - solo actualizar campos que fueron enviados
      if (trigger === "update" && session) {
        return { ...token, ...session };
      }
      
      return token;
    },
    async session({ session, token }) {
      // Copiar todos los campos del token a session.user (excepto los internos de JWT)
      if (token && session.user) {
        // Mantener la estructura de session.user y actualizar con datos del token
        session.user = {
          ...session.user,
          id: token.id as string,
          role: token.role as "PATIENT" | "ADMIN",
          name: token.name as string,
          lastname: token.lastname as string,
          email: token.email as string,
          profileImage: token.profileImage as string | undefined,
          isExternalAuth: token.isExternalAuth as boolean | undefined,
          identificacion: token.identificacion as string | undefined,
          dateOfBirth: token.dateOfBirth as Date | undefined,
          phone: token.phone as string | undefined,
          gender: token.gender as string | undefined,
          address: token.address as string | undefined,
          emergencyContact: token.emergencyContact as string | undefined,
          medicalHistory: token.medicalHistory as string | undefined,
          allergies: token.allergies as string | undefined,
          currentMedications: token.currentMedications as string | undefined,
        };
      }
      return session;
    }
  },
  pages: {
    signIn: "/auth/login"
  },
  debug: process.env.NODE_ENV === "development",
};