// BizGaze as identity provider.
// Validates a username/password against BizGaze's ValidateAndLogin endpoint.
// Enabled only when BIZGAZE_LOGIN_URL is set (so tests/local runs stay self-contained).
//
// Success response shape (observed):
//   { status: 1, currentSession: { name, userId, tenantId, unibaseId, isAdmin, ... }, message }
// Failure: status !== 1, with a `message`.

function loginUrl() { return process.env.BIZGAZE_LOGIN_URL || ''; }
const isEnabled = () => !!loginUrl();

async function validateLogin(username, password) {
  const url = loginUrl();
  if (!url) return { ok: false, configured: false };
  let res;
  try {
    res = await fetch(url, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ UserName: username, Password: password, UnibaseId: '', RememberMe: false }),
      signal: AbortSignal.timeout(15000),
    });
  } catch (e) {
    return { ok: false, configured: true, error: 'BizGaze sign-in is unavailable right now' };
  }
  let data;
  try { data = await res.json(); } catch { return { ok: false, configured: true, error: 'Unexpected response from BizGaze' }; }
  const s = data && data.currentSession;
  if (data && data.status === 1 && s) {
    return {
      ok: true, configured: true,
      name: s.name || null,
      isAdmin: !!s.isAdmin,
      tenantRef: s.tenantId != null ? String(s.tenantId) : null,  // BizGaze tenant (org) id
      bizgazeUserId: s.userId != null ? String(s.userId) : null,
      unibaseId: s.unibaseId || null,
      message: data.message || 'Login Success',
    };
  }
  return { ok: false, configured: true, message: (data && data.message) || 'Invalid BizGaze credentials' };
}

module.exports = { validateLogin, isEnabled };