// Customer accounts via Supabase Auth (email magic link) + saved addresses.
// Uses the public anon key + RLS (see supabase/auth.sql). PKCE flow so the
// callback arrives as ?code=... (plays nice with our hash router).

// Shared Supabase client, or null when the page did not provide the library,
// the project URL and the anon key (all three are read from `window`).
//
// Security notes:
// - The anon key is a public credential. Per the file header, row access is
//   expected to be enforced by the RLS policies in supabase/auth.sql, so every
//   table this client touches depends on those policies being correct.
// - persistSession keeps the session tokens in browser storage (supabase-js
//   uses localStorage by default), where any script running on this origin can
//   read them.
const sb = (() => {
  const { supabase, SUPABASE_URL: projectUrl, SUPABASE_ANON_KEY: anonKey } = window;
  if (!supabase || !projectUrl || !anonKey) return null;
  return supabase.createClient(projectUrl, anonKey, {
    auth: {
      flowType: "pkce",
      detectSessionInUrl: true,
      persistSession: true,
      autoRefreshToken: true,
    },
  });
})();
// Also published as a global so other scripts on the page can reach the client.
window.sbClient = sb;

/**
 * Returns the access token of the current Supabase session, for use as
 * `Authorization: Bearer <token>` on our API.
 *
 * Resolves to null when the client is not configured, when there is no
 * session, or when the session carries no (or an empty) access token.
 *
 * NOTE(review): the token is only what this browser currently holds; the API
 * that receives it is expected to verify signature and expiry itself.
 *
 * @returns {Promise<string|null>}
 */
async function sbAccessToken() {
  if (sb) {
    const result = await sb.auth.getSession();
    const token = result.data.session?.access_token;
    if (token) return token;
  }
  return null;
}
// Published on `window` for other scripts on the page. Every script running
// in this page can therefore call it and receive the bearer token, so what is
// loaded alongside authenticated views matters.
Object.assign(window, { sbAccessToken });

// ── Auth hook ────────────────────────────────────────────────
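/**
 * React hook that tracks the Supabase auth session and exposes auth actions.
 *
 * The session state starts as `undefined` (still loading) and becomes the
 * session object or `null` once getSession() settles or an auth event arrives.
 * A failed getSession() is treated as "no session", so `ready` cannot stay
 * false forever.
 *
 * When the client is not configured (`sb` is null), `configured` is false and
 * the action functions throw because they dereference `sb`; check `configured`
 * before calling them.
 *
 * `user` and `email` come from the client-side session and are suitable for
 * driving the UI only. NOTE(review): authorization decisions belong to the API
 * and the RLS policies, which must validate the token themselves.
 *
 * @returns {{
 *   ready: boolean, user: object|null, email: string|null, configured: boolean,
 *   signIn: Function, signInWithPassword: Function, signUp: Function,
 *   resetPassword: Function, updatePassword: Function, signOut: Function
 * }}
 */
function useAuth() {
  const [session, setSession] = React.useState(undefined); // undefined = still loading
  React.useEffect(() => {
    if (!sb) { setSession(null); return; }
    let active = true; // false after unmount: no more state writes
    let sawAuthEvent = false; // an auth event is newer than the initial read
    sb.auth.getSession()
      .then(({ data }) => {
        // Do not let a slow initial read overwrite a newer auth event
        // (for example a sign-out that arrived in the meantime).
        if (active && !sawAuthEvent) setSession(data.session || null);
      })
      .catch((err) => {
        // Without this handler a rejected read left the hook in "loading"
        // and surfaced as an unhandled rejection.
        console.error("useAuth: could not read the session:", err?.message);
        if (active && !sawAuthEvent) setSession(null);
      });
    const { data: sub } = sb.auth.onAuthStateChange((_event, next) => {
      sawAuthEvent = true;
      if (active) setSession(next || null);
    });
    return () => {
      active = false;
      sub.subscription.unsubscribe();
    };
  }, []);

  // Built from the current origin at call time.
  // NOTE(review): this URL has to be on the Supabase project's redirect
  // allow-list for the e-mail links to land here; confirm in project settings.
  const accountUrl = () => `${window.location.origin}/account`;

  return {
    ready: session !== undefined,
    user: session?.user || null,
    email: session?.user?.email || null,
    // Magic-link sign-in.
    signIn: (email) => sb.auth.signInWithOtp({
      email,
      options: { emailRedirectTo: accountUrl() },
    }),
    signInWithPassword: (email, password) => sb.auth.signInWithPassword({ email, password }),
    // `phone` is sent as user metadata (options.data).
    // NOTE(review): Supabase lets a user edit their own metadata, so treat it
    // as unverified contact info and never as an authorization input.
    signUp: (email, password, phone) => sb.auth.signUp({
      email, password,
      options: { emailRedirectTo: accountUrl(), data: { phone } },
    }),
    resetPassword: (email) => sb.auth.resetPasswordForEmail(email, {
      redirectTo: accountUrl(),
    }),
    // Changes the password of whichever session is active when it is called.
    updatePassword: (password) => sb.auth.updateUser({ password }),
    signOut: () => sb.auth.signOut(),
    configured: !!sb,
  };
}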
// Published on `window` so other scripts on the page can use the hook.
Object.assign(window, { useAuth });

// ── Saved addresses hook ─────────────────────────────────────
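/**
 * React hook that loads and edits the signed-in customer's saved addresses
 * in the `user_addresses` table.
 *
 * Security notes:
 * - Row-level security (see supabase/auth.sql, per the file header) is the
 *   real access control. The `user_id` filters added to every query here are
 *   defense in depth: they keep this client from listing or touching other
 *   customers' rows if a policy is ever too permissive.
 * - `save` forwards every field of `addr` to the database and forces
 *   `user_id` to the current user. NOTE(review): the RLS policies should
 *   also constrain `user_id` on insert/update, since a client can send any
 *   payload.
 * - Only error messages are logged, never address rows (they are personal data).
 *
 * @param {{id: string}|null|undefined} user - current user; falsy when signed out.
 * @returns {{
 *   addresses: Array<object>, loading: boolean,
 *   save: (addr: object) => Promise<{error: object|null}>,
 *   remove: (id: string) => Promise<{error: object|null}>,
 *   refresh: () => Promise<void>
 * }}
 */
function useAddresses(user) {
  const [addresses, setAddresses] = React.useState([]);
  const [loading, setLoading] = React.useState(false);
  // Ticket of the most recent load. A response that belongs to an earlier
  // user/session must not repopulate the list after sign-out or an account
  // switch, so only the newest load may write state.
  const latestLoad = React.useRef(0);

  const refresh = React.useCallback(async () => {
    const ticket = ++latestLoad.current;
    if (!sb || !user) {
      setAddresses([]);
      setLoading(false);
      return;
    }
    setLoading(true);
    let rows = [];
    try {
      const { data, error } = await sb
        .from("user_addresses")
        .select("*")
        .eq("user_id", user.id)
        .order("is_default", { ascending: false })
        .order("created_at", { ascending: false });
      if (error) console.error("useAddresses: load failed:", error.message);
      rows = data || [];
    } catch (err) {
      // A thrown request used to leave `loading` stuck at true.
      console.error("useAddresses: load failed:", err?.message);
    }
    if (ticket !== latestLoad.current) return; // superseded by a newer load
    setAddresses(rows);
    setLoading(false);
  }, [user]);

  React.useEffect(() => { refresh(); }, [refresh]);

  const notSignedIn = () => ({ error: new Error("Not signed in") });

  const save = async (addr) => {
    if (!sb || !user) return notSignedIn();
    // `id` selects the row; it is never part of the written payload, so a
    // blank id (null / "") from form state cannot end up in an insert.
    const { id, ...fields } = addr;
    const row = { ...fields, user_id: user.id };
    let error = null;
    try {
      if (addr.is_default) {
        // Only one default at a time: clear the flag on this user's rows first.
        ({ error } = await sb.from("user_addresses").update({ is_default: false }).eq("user_id", user.id));
      }
      // If clearing failed, do not write a second default on top of it.
      if (!error) {
        const write = id
          ? sb.from("user_addresses").update(row).eq("id", id).eq("user_id", user.id)
          : sb.from("user_addresses").insert(row);
        ({ error } = await write);
      }
    } catch (err) {
      error = err;
    }
    if (error) console.error("useAddresses: save failed:", error.message);
    await refresh(); // always re-read: the default flag may already have changed
    return { error: error || null };
  };

  const remove = async (id) => {
    if (!sb || !user) return notSignedIn();
    let error = null;
    try {
      ({ error } = await sb.from("user_addresses").delete().eq("id", id).eq("user_id", user.id));
    } catch (err) {
      error = err;
    }
    if (error) console.error("useAddresses: delete failed:", error.message);
    await refresh();
    return { error: error || null };
  };

  return { addresses, loading, save, remove, refresh };
}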
// Published on `window` so other scripts on the page can use the hook.
Object.assign(window, { useAddresses });
