import { NextAuthOptions } from "next-auth";
import GoogleProvider from "next-auth/providers/google";
import { PrismaAdapter } from "@next-auth/prisma-adapter";
import { PrismaClient } from "@prisma/client";
import { query } from "@/lib/db-postgres";

const prisma = new PrismaClient();

export const authOptions: NextAuthOptions = {
  adapter: PrismaAdapter(prisma),
  providers: [
    GoogleProvider({
      clientId: process.env.GOOGLE_CLIENT_ID || "",
      clientSecret: process.env.GOOGLE_CLIENT_SECRET || "",
    }),
  ],
  pages: {
    signIn: "/auth",
    error: "/auth",
  },
  callbacks: {
    async session({ session, user }) {
      if (session.user) {
        session.user.id = user.id;
      }
      return session;
    },
    async signIn({ user }) {
      if (!user?.email) return true;
      try {
        const workspace = user.email.split("@")[0].toLowerCase().replace(/[^a-z0-9]+/g, "-") + "-account";
        await query(`
          INSERT INTO fs_users (id, user_id, data)
          VALUES (gen_random_uuid()::text, $1, $2::jsonb)
          ON CONFLICT ((data->>'email')) DO UPDATE
            SET user_id = EXCLUDED.user_id,
                data = fs_users.data || EXCLUDED.data,
                updated_at = NOW()
        `, [user.id, JSON.stringify({ email: user.email, name: user.name, image: user.image, workspace })]);
      } catch (e) {
        console.error("[signIn] Failed to upsert fs_user:", e);
      }
      return true;
    },
  },
  session: {
    strategy: "database",
    maxAge: 30 * 24 * 60 * 60, // 30 days
  },
  secret: process.env.NEXTAUTH_SECRET,
  cookies: {
    sessionToken: {
      name: `__Secure-next-auth.session-token`,
      options: {
        httpOnly: true,
        sameSite: "lax",
        path: "/",
        secure: true,
        domain: ".vibnai.com", // share across all subdomains (theia.vibnai.com, etc.)
      },
    },
  },
};