import NextAuth, { type DefaultSession } from 'next-auth';
import GitHub from 'next-auth/providers/github';
import Google from 'next-auth/providers/google';

declare module 'next-auth' {
  interface Session {
    user: {
      /** The user's id. */
      id: string;
    } & DefaultSession['user'];
  }
}

const restrictedPath = ['/project'];

export const {
  handlers: { GET, POST },
  auth,
} = NextAuth({
  providers: [
    GitHub,
    Google({
      clientId: process.env.GOOGLE_CLIENT_ID!,
      clientSecret: process.env.GOOGLE_SECRET!,
    }),
  ],
  callbacks: {
    // signIn({ profile }) {
    //   if (profile?.email?.endsWith('@landing.ai')) {
    //     return !!profile;
    //   } else {
    //     return '/unauthorized';
    //   }
    // },
    jwt({ token, profile }) {
      if (profile) {
        token.id = profile.id || profile.sub;
        token.image = profile.avatar_url || profile.picture;
      }
      return token;
    },
    session: ({ session, token }) => {
      if (session?.user && token?.id) {
        session.user.id = String(token.id);
      }
      return session;
    },
    authorized({ request, auth }) {
      const isAdmin = !!auth?.user?.email?.endsWith('landing.ai');
      return restrictedPath.find(path =>
        request.nextUrl.pathname.startsWith(path),
      )
        ? isAdmin
        : true;
    },
  },
  pages: {
    signIn: '/sign-in', // overrides the next-auth default signin page https://authjs.dev/guides/basics/pages
  },
});

export async function authEmail() {
  const session = await auth();
  const email = session?.user?.email;
  return { email, isAdmin: !!email?.endsWith('landing.ai') };
}