// import CredentialsProvider from 'next-auth/providers/credentials'
import KeycloakProvider from 'next-auth/providers/keycloak'
import { NuxtAuthHandler, } from '#auth'
import {timestampToDate} from "~/utils/helper"
// import {session} from "next-auth/core/routes";

export default NuxtAuthHandler({
  // TODO: SET A STRONG SECRET, SEE https://sidebase.io/nuxt-auth/configuration/nuxt-auth-handler#secret
  secret: 'my-auth-secret',
  // TODO: ADD YOUR OWN AUTHENTICATION PROVIDER HERE, READ THE DOCS FOR MORE: https://sidebase.io/nuxt-auth
  providers: [
    // @ts-expect-error You need to use .default here for it to work during SSR. May be fixed via Vite at some point
    KeycloakProvider.default({
      clientId: process.env.KEYCLOAK_ID,
      clientSecret: process.env.KEYCLOAK_SECRET,
      issuer: process.env.KEYCLOAK_ISSUER,
    }),

    // // @ts-expect-error You need to use .default here for it to work during SSR. May be fixed via Vite at some point
    // CredentialsProvider.default({
    //   // The name to display on the sign in form (e.g. 'Sign in with...')
    //   name: 'Credentials',
    //   // The credentials is used to generate a suitable form on the sign in page.
    //   // You can specify whatever fields you are expecting to be submitted.
    //   // e.g. domain, username, password, 2FA token, etc.
    //   // You can pass any HTML attribute to the <input> tag through the object.
    //   credentials: {
    //     username: { label: 'Username', type: 'text', placeholder: '(hint: jsmith)' },
    //     password: { label: 'Password', type: 'password', placeholder: '(hint: hunter2)' }
    //   },
    //   authorize (credentials: any) {
    //     console.warn('ATTENTION: You should replace this with your real providers or credential provider logic! The current setup is not safe')
    //     // You need to provide your own logic here that takes the credentials
    //     // submitted and returns either a object representing a user or value
    //     // that is false/null if the credentials are invalid.
    //     // NOTE: THE BELOW LOGIC IS NOT SAFE OR PROPER FOR AUTHENTICATION!

    //     const user = { id: '1', name: 'J Smith', username: 'jsmith', password: 'hunter2' }

    //     if (credentials?.username === user.username && credentials?.password === user.password) {
    //       // Any object returned will be saved in `user` property of the JWT
    //       return user
    //     } else {
    //       console.error('Warning: Malicious login attempt registered, bad credentials provided')

    //       // If you return null then an error will be displayed advising the user to check their details.
    //       return null

    //       // You can also Reject this callback with an Error thus the user will be sent to the error page with the error message as a query parameter
    //     }
    //   }
    // })
  ],
  callbacks: {
    async jwt({ token, account, user }: { token: any; user: any, account: any }) {
      try {
        if (account && account.access_token) {
          token.access_token_payload = JSON.parse(atob(account.access_token.split('.')[1]));
          token.jwt = account.access_token;
        }
      } catch (err) {
        console.error(err);
      }
      if (account) {
        token.id_token = account.id_token;
        token.refresh_token = account.refresh_token;
        token.expires_at = account.expires_at;
        token.scope = account.scope;
      }
      if (user) { token.user = user }
      return token
    },
    async session({ token,session }:{token:any, session:any}) {
      const user_payload=JSON.parse(atob(token.jwt.split('.')[1]));
      try {
        if (token && token.id_token) {
          // session.session_user_payload = user_payload;
          session.jwt = token.jwt;
        }
      } catch (err) {
        console.error(err);
      }
      if (token) {
        // session.id_token = token.id_token;
        session.refresh_token = token.refresh_token;
        // session.expires_at = token.expires_at;
        // session.scope = token.scope;
        session.isAuthenticated = true;
        session.user_payload = {
          userName:user_payload.preferred_username,
          typeUser:user_payload.type_user||user_payload.resource_access[user_payload.azp].roles[0],
          roleUser:user_payload.resource_access[user_payload.azp],
          userInfo:{
            id:user_payload.id,
            full_name:user_payload.name,
            givenName:user_payload.given_name,
            familyName:user_payload.family_name,
            email:user_payload.email,
            group:user_payload.group,
          },
          expires:{
            expires_at:token.expires_at,
            timestamps:new Date(token.expires_at),
            date:timestampToDate(token.expires_at,'id-ID'),
          }
        };
      }
      return session
    }
  },
  pages: {
    signIn: '/auth/Login',
    // signOut: '/auth/logout',
    // error: '/auth/error',
    // verifyRequest: '/auth/verify-request',
    // newUser: '/auth/new-user'
  },
})