/* cst-auth.jsx — Supabase Auth client + helpers.
   Loaded after cst-core.jsx. Exports to window.CST_AUTH. */

// Supabase project endpoint and the API key used by the browser client.
// The key is a JWT whose payload declares role "anon". It ships in this
// client-side file, so every visitor can read it and it is not a secret.
// NOTE(review): what this key may read or write is decided by the project's
// Row Level Security policies, which are not visible in this file. Confirm
// they cover every table the client touches (`profiles` is queried below).
// A service_role key must never be placed in this file.
const _SUPABASE_URL = 'https://ahckahzjhybmxpwfzopl.supabase.co';
const _SUPABASE_ANON_KEY = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFoY2thaHpqaHlibXhwd2Z6b3BsIiwicm9sZSI6ImFub24iLCJpYXQiOjE3ODAxODIwOTYsImV4cCI6MjA5NTc1ODA5Nn0.CH5hqDsO3XnK2ErFY_jYPG_QuNHCJdj0ES1RAmv_B6A';

// Initialize once — supabase-js UMD exposes window.supabase
// (evaluated at script load; fails here if window.supabase is not defined yet)
const _sb = window.supabase.createClient(_SUPABASE_URL, _SUPABASE_ANON_KEY);

// Resolve the current auth session from the shared Supabase client.
// Returns the `session` field of the `data` object that
// `_sb.auth.getSession()` resolves with; the `error` field of that result is
// not inspected here. Callers in this file treat a falsy return as
// "not signed in".
async function getSession() {
  const response = await _sb.auth.getSession();
  return response.data.session;
}

// Return the access token of the current session, or null when there is no
// session or the token is missing/empty.
// The value is a bearer credential: the helpers in this file send it only in
// the Authorization header of relative `/api/...` requests. Avoid logging it
// or placing it in URLs.
async function getToken() {
  const current = await getSession();
  const accessToken = current ? current.access_token : undefined;
  return accessToken ? accessToken : null;
}

// Load the signed-in user's row from the `profiles` table.
// Returns null when there is no session; otherwise returns the `data` field
// of the query result (the `error` field is not inspected).
// NOTE(review): the query runs from the browser and selects every column
// ('*'). Which rows and columns come back is decided by the table's Row Level
// Security policy, not by the `.eq('id', ...)` filter; confirm the policy
// limits reads to the caller's own row.
async function getProfile() {
  const session = await getSession();
  if (!session) {
    return null;
  }
  const allColumns = _sb.from('profiles').select('*');
  const { data: profile } = await allColumns.eq('id', session.user.id).single();
  return profile;
}

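// Start an OAuth sign-in with the given provider.
// `provider` is passed to `_sb.auth.signInWithOAuth` unchanged.
// Returns `{ data, error }` from that call.
//
// The current route is stored first via saveRoute() so it can be restored
// after the OAuth redirect (this replaces an inline copy of the same
// statement).
//
// `redirectTo` is always this page's own origin and is never taken from the
// caller, so this function's argument cannot steer the post-login return
// target.
// NOTE(review): confirm the Supabase project's redirect allow-list contains
// only the expected origins.
async function signInWith(provider) {
  saveRoute();
  const { data, error } = await _sb.auth.signInWithOAuth({
    provider,
    options: { redirectTo: window.location.origin },
  });
  return { data, error };
}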

// Sign the current user out through the Supabase client.
// Resolves to undefined; whatever `_sb.auth.signOut()` resolves with
// (including any error it reports) is discarded.
async function signOut() {
  const { auth } = _sb;
  await auth.signOut();
}

// Register `callback` with the Supabase client's auth-state listener and hand
// back whatever `_sb.auth.onAuthStateChange` returns, unchanged.
function onAuthStateChange(callback) {
  const registration = _sb.auth.onAuthStateChange(callback);
  return registration;
}

// Ask the server whether the signed-in user may access a result
// (plan, uses, purchases).
// POSTs `{ resultHash, tool }` as JSON to /api/check-access with the session
// token as a Bearer credential, and returns the parsed JSON body on a 2xx
// response.
// Returns null when there is no token, when the response is not ok, or when
// the request or JSON parsing throws; the caller cannot tell these apart.
// NOTE(review): the answer is only what the server reported to this browser.
// Anything gated on it should also be enforced by the server when the
// protected content is served, since a client-side check can be bypassed.
async function checkAccess(resultHash, tool) {
  const token = await getToken();
  if (!token) {
    return null;
  }
  try {
    const headers = {
      'Content-Type': 'application/json',
      Authorization: `Bearer ${token}`,
    };
    const body = JSON.stringify({ resultHash, tool });
    const res = await fetch('/api/check-access', { method: 'POST', headers, body });
    return res.ok ? await res.json() : null;
  } catch (e) {
    // Best effort: failures are reported to the caller as null.
    return null;
  }
}

// Report one use of `tool` to the server.
// POSTs `{ tool }` as JSON to /api/record-use with the session token as a
// Bearer credential, and returns the parsed JSON body on a 2xx response.
// Returns null when there is no token, when the response is not ok, or when
// the request or JSON parsing throws.
// NOTE(review): counting that depends on the browser making this call can be
// skipped by a client that never makes it. Confirm the server also accounts
// for uses at the point where the tool result is produced.
async function recordUse(tool) {
  const token = await getToken();
  if (!token) {
    return null;
  }
  try {
    const headers = {
      'Content-Type': 'application/json',
      Authorization: `Bearer ${token}`,
    };
    const body = JSON.stringify({ tool });
    const res = await fetch('/api/record-use', { method: 'POST', headers, body });
    return res.ok ? await res.json() : null;
  } catch (e) {
    // Best effort: failures are reported to the caller as null.
    return null;
  }
}

// Remember the current route in sessionStorage (key 'cst_redirect_route') so
// it can be restored after a redirect away from the app, e.g. to Stripe.
// Falls back to 'home' when window.__cst_current_route is falsy.
// Storage failures are ignored on purpose: losing the saved route is not fatal.
function saveRoute() {
  try {
    const route = window.__cst_current_route || 'home';
    sessionStorage.setItem('cst_redirect_route', route);
  } catch (e) {
    // Best effort only.
  }
}

// Read the saved redirect route and clear it, so it is consumed at most once.
// Returns the stored string, or null when nothing (or an empty value) is
// stored or when sessionStorage throws.
// NOTE(review): sessionStorage is writable by any script running on this
// origin, so the returned value should be matched against the app's known
// route names before it is used for navigation.
function getRedirectRoute() {
  const storageKey = 'cst_redirect_route';
  try {
    const saved = sessionStorage.getItem(storageKey);
    if (!saved) {
      return null;
    }
    sessionStorage.removeItem(storageKey);
    return saved;
  } catch (e) {
    return null;
  }
}

// Start a Stripe Checkout session.
// Saves the current route, then POSTs `{ type, tool, resultHash }` as JSON to
// /api/create-checkout with the session token as a Bearer credential.
// On a 2xx response, returns the `url` field of the parsed JSON body.
// Returns null when there is no token, when the response is not ok, or when
// the request or JSON parsing throws. The route is saved even when there is
// no token, because saveRoute() runs before the token check.
// NOTE(review): `url` is returned exactly as received, with no type or scheme
// check. If the caller navigates to it, consider accepting only an https URL
// on the expected checkout host.
async function startCheckout(type, tool, resultHash) {
  saveRoute();
  const token = await getToken();
  if (!token) {
    return null;
  }
  try {
    const headers = {
      'Content-Type': 'application/json',
      Authorization: `Bearer ${token}`,
    };
    const body = JSON.stringify({ type, tool, resultHash });
    const res = await fetch('/api/create-checkout', { method: 'POST', headers, body });
    if (!res.ok) {
      return null;
    }
    const parsed = await res.json();
    return parsed.url;
  } catch (e) {
    // Best effort: failures are reported to the caller as null.
    return null;
  }
}

// Public surface of this module, published as a global for the other scripts
// on the page. saveRoute is not part of the exported surface.
// `client` is the raw Supabase client. Any script running on this page can
// use it, and getToken, with the signed-in user's session.
// NOTE(review): this puts third-party scripts and any script injection on
// this origin inside the auth trust boundary. Confirm the page's script
// sources are restricted accordingly.
window.CST_AUTH = {
  client: _sb,
  getSession,
  getToken,
  getProfile,
  signInWith,
  signOut,
  onAuthStateChange,
  checkAccess,
  recordUse,
  startCheckout,
  getRedirectRoute,
};
