import { redirect } from 'next/navigation'
import { createServerSupabaseClient } from '@/lib/supabase/server'
import type { AdminRole, AdminUserRow } from '@/lib/types'

export class AdminApiError extends Error {
  status: number

  constructor(status: number, message: string) {
    super(message)
    this.status = status
  }
}

export async function getCurrentUser() {
  const supabase = await createServerSupabaseClient()
  const { data, error } = await supabase.auth.getUser()

  if (error || !data.user) {
    return null
  }

  return data.user
}

export async function getCurrentAdmin() {
  const supabase = await createServerSupabaseClient()
  const { data, error: authError } = await supabase.auth.getUser()

  if (authError || !data.user) {
    return null
  }

  const { data: adminRow, error } = await supabase
    .from('admin_users')
    .select('user_id, role, is_active, created_at')
    .eq('user_id', data.user.id)
    .eq('is_active', true)
    .maybeSingle<AdminUserRow>()

  if (error || !adminRow) {
    return null
  }

  return {
    user: data.user,
    admin: adminRow,
  }
}

export async function requireAdminPage() {
  const current = await getCurrentAdmin()

  if (!current) {
    redirect('/login')
  }

  return current
}

export async function requireAdminForApi(): Promise<{ userId: string; role: AdminRole }> {
  const current = await getCurrentAdmin()

  if (!current) {
    throw new AdminApiError(403, 'Admin access required')
  }

  return {
    userId: current.user.id,
    role: current.admin.role,
  }
}
