// lib/auth.ts

import { PrismaAdapter } from "@auth/prisma-adapter";
import { prisma } from "./database";
import GoogleProvider from "next-auth/providers/google";
import CredentialsProvider from "next-auth/providers/credentials";
import { UserService } from "./services/user.service";
import { AuthOptions } from "next-auth";

// 验证环境变量
function validateAuthConfig() {
  const requiredEnvVars = [
    'GOOGLE_CLIENT_ID',
    'GOOGLE_CLIENT_SECRET',
    'NEXTAUTH_SECRET',
    'NEXTAUTH_URL'
  ];

  const missingVars = requiredEnvVars.filter(varName => !process.env[varName]);
  
  if (missingVars.length > 0) {
    console.error('Missing required environment variables:', missingVars);
    throw new Error(`Missing required environment variables: ${missingVars.join(', ')}`);
  }

  console.log('Auth configuration validated:', {
    NEXTAUTH_URL: process.env.NEXTAUTH_URL,
    GOOGLE_CLIENT_ID: process.env.GOOGLE_CLIENT_ID?.substring(0, 20) + '...',
    NEXTAUTH_SECRET: process.env.NEXTAUTH_SECRET ? 'Set' : 'Missing'
  });
}

// 验证配置
validateAuthConfig();

export const authOptions: AuthOptions = {
  adapter: PrismaAdapter(prisma),

  providers: [
    GoogleProvider({
      clientId: process.env.GOOGLE_CLIENT_ID!,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
      authorization: {
        params: {
          prompt: "consent",
          access_type: "offline",
          response_type: "code"
        }
      }
    }),

    CredentialsProvider({
      name: "Credentials",
      credentials: {
        email: { label: "Email", type: "text" },
        password: { label: "Password", type: "password" },
      },
      async authorize(credentials) {
        if (!credentials?.email || !credentials?.password) {
          throw new Error("请输入邮箱和密码");
        }

        try {
          const user = await UserService.getUserByEmail(credentials.email);

          if (!user || !user.hashedPassword) {
            throw new Error("用户不存在或未设置密码");
          }

          const isPasswordValid = await UserService.verifyPassword(
            user,
            credentials.password
          );

          if (!isPasswordValid) {
            throw new Error("密码错误");
          }

          return user;
        } catch (error) {
          throw error;
        }
      },
    }),
  ],

  session: {
    strategy: "jwt",
  },

  callbacks: {
    async jwt({ token, user, account }) {
      if (user) {
        token.id = user.id;
        token.email = user.email;
        token.name = user.name;
      }
      return token;
    },

    async session({ session, token }) {
      if (token?.id && session.user) {
        session.user.id = token.id as string;
        session.user.email = token.email as string;
        session.user.name = token.name as string;
      }
      return session;
    },

    async signIn({ user, account, profile }) {
      // 允许所有用户登录
      return true;
    },

    async redirect({ url, baseUrl }) {
      // 调试信息
      console.log("Redirect callback:", { url, baseUrl });

      // 确保重定向到正确的页面
      if (url.startsWith("/")) {
        const redirectUrl = `${baseUrl}${url}`;
        console.log("Redirecting to:", redirectUrl);
        return redirectUrl;
      } else if (new URL(url).origin === baseUrl) {
        console.log("Redirecting to same origin:", url);
        return url;
      }

      const defaultUrl = `${baseUrl}/dashboard`;
      console.log("Redirecting to default:", defaultUrl);
      return defaultUrl;
    },
  },

  pages: {
    signIn: "/login",
  },

  secret: process.env.NEXTAUTH_SECRET,

  debug: process.env.NODE_ENV === "development",
};