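// middleware/auth.ts
import {getTimetoMilis, timestampToDate} from "~/utils/helper";
import {signOut} from "next-auth/react";
import { useAccess } from "~/composables/useAccess";

/**
 * Client-side route guard: requires a session, then checks the target route
 * against the user's role and the page list returned by `useAccess`.
 *
 * Outcomes:
 *  - no session            -> sign out and redirect to /auth/login
 *  - role or page mismatch -> redirect to /auth/401
 *  - any thrown error      -> redirect to /auth/login (fail closed)
 *  - otherwise             -> navigation continues
 *
 * This guard only decides which pages the browser will render. Everything it
 * reads lives in the client and can be altered there, so the backend must
 * still authorize every request on its own.
 */
export default defineNuxtRouteMiddleware(async (to) => {
  // Skipped during server-side rendering: the checks below run in the browser only.
  if (process.server) return;

  try {
    // The session shape is declared elsewhere in the project, hence `any`.
    const sess: any = await useSessionLogin('getSess');
    // Do not dump `sess` to the console: a session object typically carries
    // tokens and user claims, and browser console output is readable by
    // extensions, shared screens and pasted bug reports.

    // NOTE(review): the client-side expiry comparison is disabled, so a stale
    // session object is accepted here until `useSessionLogin` stops returning
    // it. Confirm that expiry is enforced there and on the API.
    // if (!sess || getTimetoMilis() >= sess?.user_payload?.expires?.expires_at) {
    if (!sess) {
      if (to.path !== '/auth/login') {
        await signOut()
        // `reason` and `continue` are written after the spread so a query
        // string on the incoming URL cannot override them.
        return navigateTo({
          path: "/auth/login",
          query: {
            ...to.query,
            reason: "auth_required",
            continue: "true"
          }
        });
      }
      return;
    }

    // Role of the signed-in user and the pages/permissions resolved for this path.
    const roleUser = sess?.user_payload?.typeUser;
    const { getRole, getPagesUser, getMergedPages, getPermisionPage } = useAccess(to.path, roleUser);
    const mergedPages = getMergedPages
    const permisionPage = getPermisionPage
    // NOTE(review): if `getMergedPages` is a ref/computed rather than a plain
    // value, `!mergedPages` below is never true; confirm against useAccess.

    // Validate the role requirement declared in the page meta.
    // Normalize to an array first: on a bare string, `.includes()` performs
    // substring matching, so a role that is a fragment of the declared one
    // would pass. Any other truthy value is wrapped so it is compared by
    // strict equality instead of being treated as "no restriction".
    const declaredRole: unknown = to.meta.role;
    const allowedRole: unknown[] = Array.isArray(declaredRole)
      ? declaredRole
      : declaredRole
        ? [declaredRole]
        : [];
    const rolePass = allowedRole.length === 0 || allowedRole.includes(roleUser)

    // Permission-level check, currently disabled:
    // const permissionPass = !meta.permission || meta.permission.every(p => perms.includes(p))
    // if (!rolePass || !permisionPage) {
    if (!rolePass || !mergedPages) {
      console.log('[ ACCESS DENIED]', {
        path: to.path,
        roleUser,
        mergedPages
      })
      return navigateTo('/auth/401') // user has no access to this page
    }

    console.log('[ACCESS GRANTED]', {
      path: to.path,
      roleUser,
      mergedPages,
      permisionPage,
      allowedRole,
    })

    // Optional: user-type check, if needed
    // if (to.meta.auth && to.meta.auth !== sess?.user_payload?.typeUser) {
    // const metaRoles = to.meta?.roles;
    // if (!to.meta || !metaRoles.includes(sess?.user_payload?.typeUser)) {
    //   return navigateTo('/auth/401');
    // }
  } catch (err) {
    // Fail closed: a failed session or access lookup never lets navigation
    // continue to a protected page.
    console.error('Session check failed:', err);
    if (to.path !== '/auth/login') {
      // `returnUrl` is an in-app path here; the login page should still accept
      // only same-origin relative paths before redirecting back to it.
      return navigateTo({
        path: '/auth/login',
        query: {
          returnUrl: to.fullPath,
          reason: 'session check failed'
        }
      });
    }
  }
});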