/**
 * API context types for oRPC handlers
 */

import type { Database } from "@reviq/db-schema";
import type { Kysely } from "kysely";

/**
 * Base API context available to all handlers
 */
export interface APIContext {
  /** Database client */
  db: Kysely<Database>;
  /** Request origin (e.g., "http://localhost:6827") */
  origin: string;
  /** Allowed WebAuthn origins */
  allowedOrigins: string[];
  /** Relying party name for WebAuthn */
  rpName: string;
  /** Request headers (for reading cookies, auth headers) */
  reqHeaders: Headers;
  /** Response headers (for setting cookies) */
  resHeaders: Headers;
}

/**
 * User information from the session
 */
export interface SessionUser {
  id: number;
  email: string;
  displayName: string | null;
  emailVerifiedAt: Date | null;
  isSuperuser: boolean;
}

/**
 * Session information
 */
export interface Session {
  /** Session ID (stored as bigint in DB, returned as string) */
  id: string;
  trustedMode: boolean;
  createdAt: Date;
}

/**
 * API token authentication info
 */
export interface ApiTokenAuth {
  method: "api_token";
  tokenId: string;
  tokenName: string;
  expiresAt: Date;
  lastUsedAt: Date | null;
  createdAt: Date;
}

/**
 * Session authentication info
 */
export interface SessionAuth {
  method: "session";
  sessionId: string;
  expiresAt: Date;
  createdAt: Date;
}

/**
 * Union type for authentication method info
 */
export type AuthInfo = ApiTokenAuth | SessionAuth;

/**
 * Authenticated API context for protected handlers
 */
export interface AuthenticatedContext extends APIContext {
  /** Current user from session */
  user: SessionUser;
  /** Current session */
  session: Session;
  /** Authentication method and details */
  auth: AuthInfo;
}

/**
 * Login request context (used during login flow)
 */
export interface LoginRequestContext extends APIContext {
  /** Login request ID from cookie */
  loginRequestId: number;
  /** User associated with the login request */
  user: SessionUser;
}

/**
 * Superuser context for admin procedures
 * Requires user to have is_superuser = true
 */
export interface SuperuserContext extends AuthenticatedContext {
  /** User with superuser privileges */
  user: SessionUser & { isSuperuser: true };
}