import { api } from '@/utils/request'

export interface UserInfo {
  id: number
  username: string
  email: string
  role: string
  status: number
  ext?: Record<string, unknown> | null
}

export const useUserStore = defineStore('user', () => {
  const token = ref<string | null>(localStorage.getItem('access_token'))
  const refreshToken = ref<string | null>(localStorage.getItem('refresh_token'))
  const user = ref<UserInfo | null>(null)
  // 默认不持久化；从 localStorage 推断：有 token 说明上次选了"记住我"
  const _remember = ref(!!localStorage.getItem('access_token'))

  // 基本 JWT 格式校验（三段式），防止垃圾值绕过路由守卫
  const isLoggedIn = computed(() => {
    const t = token.value
    return !!t && t.split('.').length === 3
  })
  const isAdmin = computed(() => user.value?.role === 'admin')
  const username = computed(() => user.value?.username || '')

  function setToken(accessToken: string, newRefreshToken: string, remember = true) {
    token.value = accessToken
    refreshToken.value = newRefreshToken
    _remember.value = remember
    if (remember) {
      localStorage.setItem('access_token', accessToken)
      localStorage.setItem('refresh_token', newRefreshToken)
    } else {
      // 不记住：清除全部持久化数据，token 仅存于内存，关闭标签页即失效
      localStorage.removeItem('access_token')
      localStorage.removeItem('refresh_token')
      localStorage.removeItem('user')
    }
  }

  function setUser(info: UserInfo) {
    user.value = info
    if (_remember.value) {
      localStorage.setItem('user', JSON.stringify(info))
    }
  }

  async function fetchCurrentUser() {
    const data = await api.get<UserInfo>('/api/v1/me')
    setUser(data)
    return data
  }

  function logout() {
    token.value = null
    refreshToken.value = null
    user.value = null
    _remember.value = false
    localStorage.removeItem('access_token')
    localStorage.removeItem('refresh_token')
    localStorage.removeItem('user')
  }

  // 初始化：从 localStorage 恢复用户信息
  const savedUser = localStorage.getItem('user')
  if (savedUser) {
    try {
      user.value = JSON.parse(savedUser)
    } catch {
      user.value = null
    }
  }

  async function updateProfile(data: { email?: string; ext?: Record<string, unknown> }) {
    const result = await api.put<UserInfo>('/api/v1/me/profile', data)
    setUser(result)
    return result
  }

  async function changePassword(data: {
    old_password: string
    new_password: string
    new_password_confirmation: string
  }) {
    await api.put('/api/v1/me/password', data)
    logout()
  }

  return {
    token,
    refreshToken,
    user,
    isLoggedIn,
    isAdmin,
    username,
    setToken,
    setUser,
    fetchCurrentUser,
    logout,
    updateProfile,
    changePassword,
  }
})