import { UserManager, WebStorageStateStore, type UserManagerSettings } from 'oidc-client-ts';

const authority = import.meta.env.PUBLIC_OIDC_AUTHORITY;
const clientId = import.meta.env.PUBLIC_OIDC_CLIENT_ID;
const redirectUri = import.meta.env.PUBLIC_OIDC_REDIRECT_URI;
const postLogoutRedirectUri = import.meta.env.PUBLIC_OIDC_POST_LOGOUT_REDIRECT_URI ?? redirectUri;
const scope = import.meta.env.PUBLIC_OIDC_SCOPE ?? 'openid profile email offline_access';

export const isOidcConfigured =
  Boolean(authority) && Boolean(clientId) && Boolean(redirectUri);

function buildSettings(): UserManagerSettings | null {
  if (!isOidcConfigured) return null;

  return {
    authority: authority!,
    client_id: clientId!,
    redirect_uri: redirectUri!,
    post_logout_redirect_uri: postLogoutRedirectUri,
    response_type: 'code',
    scope,
    loadUserInfo: true,
    automaticSilentRenew: false, // We handle refresh reactively via authExchange
    userStore:
      typeof window !== 'undefined'
        ? new WebStorageStateStore({ store: window.localStorage })
        : undefined,
  };
}

export const userManager = (() => {
  const settings = buildSettings();
  if (!settings) return null;
  return new UserManager(settings);
})();