export interface AuthUser {
  username: string | null
  email: string | null
  name: string | null
  uid: string | null
  groups: string[]
  authenticated: boolean
}

export const useAuth = () => {
  const user = useState<AuthUser | null>('auth-user', () => null)
  const loading = useState<boolean>('auth-loading', () => false)

  const fetchUser = async () => {
    loading.value = true
    try {
      const data = await $fetch<AuthUser>('/api/auth/user')
      user.value = data
    } catch (error) {
      console.error('Error fetching user:', error)
      user.value = null
    } finally {
      loading.value = false
    }
  }

  const logout = () => {
    // Limpiar estado local
    user.value = null
    loading.value = false

    // Obtener configuración de Authentik desde variables de entorno
    const config = useRuntimeConfig()
    const authentikUrl = config.public.authentikUrl || 'https://authentik.nucleoriofrio.com'
    const appSlug = config.public.authentikAppSlug || 'devserver'

    // Redirigir al endpoint de logout de Authentik con el slug de la aplicación
    // Esto cierra la sesión completa de Authentik (OIDC end-session)
    window.location.href = `${authentikUrl}/application/o/${appSlug}/end-session/`
  }

  return {
    user: readonly(user),
    loading: readonly(loading),
    fetchUser,
    logout
  }
}