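import type { H3Event } from 'h3'
import { getCookie, setCookie, deleteCookie, getHeader } from 'h3'

/** Name of the HttpOnly cookie that carries the session token. */
const SESSION_COOKIE_NAME = 'routebox_session'
/** Name of the client-readable cookie that carries the tenant context (not a credential). */
const TENANT_COOKIE_NAME = 'routebox_tenant'
/** Lifetime, in seconds, applied to both cookies (7 days). */
const SESSION_MAX_AGE = 60 * 60 * 24 * 7 // 7 days

export interface SessionData {
  token: string
  tenantId: string
  userId: string
  email: string
}

/**
 * Determine whether the request arrived over a secure connection; the result
 * decides whether cookies are written with the `Secure` attribute.
 *
 * Two signals are consulted, in order:
 *  1. `x-forwarded-proto`, as set by a reverse proxy / load balancer. Only the
 *     first entry is used, because chained proxies append to the header
 *     (`https, http`), and the comparison is case-insensitive so `HTTPS` also
 *     counts.
 *  2. `NODE_ENV === 'production'`, where HTTPS is assumed unconditionally.
 *
 * NOTE(review): `x-forwarded-proto` is client-supplied unless a trusted proxy
 * overwrites it. A spoofed value can only make a cookie *more* restrictive
 * (`Secure`), never less, and in production the flag is set regardless of the
 * header, so the trust question only affects non-production deployments.
 * Direct TLS detection on the socket is not attempted here.
 *
 * @param event - the incoming h3 request event
 * @returns `true` when cookies should carry the `Secure` attribute
 */
function isSecureRequest(event: H3Event): boolean {
  const forwardedProto = getHeader(event, 'x-forwarded-proto')
  if (typeof forwardedProto === 'string') {
    // First hop wins: "https, http" means the client-facing edge spoke TLS.
    const firstHop = forwardedProto.split(',')[0]?.trim().toLowerCase()
    if (firstHop === 'https') {
      return true
    }
  }

  // Production deployments are assumed to terminate TLS somewhere upstream.
  return process.env.NODE_ENV === 'production'
}

/**
 * Cookie attributes shared by the session and tenant cookies. Only `httpOnly`
 * differs between them and is supplied by each caller.
 *
 * `sameSite: 'lax'` lets top-level navigations carry the cookie while blocking
 * cross-site sub-requests; `path: '/'` scopes it to the whole site.
 *
 * @param event - the incoming h3 request event, used to decide `secure`
 */
function baseCookieOptions(event: H3Event) {
  return {
    secure: isSecureRequest(event),
    sameSite: 'lax' as const,
    maxAge: SESSION_MAX_AGE,
    path: '/',
  }
}

/**
 * Read the session token from the HttpOnly session cookie.
 *
 * @param event - the incoming h3 request event
 * @returns the token, or `null` when the cookie is absent or empty
 */
export function getSessionToken(event: H3Event): string | null {
  // `||` deliberately folds an empty cookie value into "no session".
  return getCookie(event, SESSION_COOKIE_NAME) || null
}

/**
 * Write the session token into an HttpOnly cookie.
 *
 * The token is never exposed to `document.cookie`; `Secure` is set whenever
 * {@link isSecureRequest} says the connection is HTTPS.
 *
 * @param event - the incoming h3 request event
 * @param token - the opaque session token to persist
 */
export function setSessionCookie(event: H3Event, token: string): void {
  setCookie(event, SESSION_COOKIE_NAME, token, {
    ...baseCookieOptions(event),
    httpOnly: true, // keep the credential out of reach of client-side script
  })
}

/**
 * Expire the session cookie. The `path` must match the one used when setting
 * it, otherwise the browser keeps the original cookie.
 *
 * @param event - the incoming h3 request event
 */
export function clearSessionCookie(event: H3Event): void {
  deleteCookie(event, SESSION_COOKIE_NAME, {
    path: '/',
  })
}

/**
 * Read the tenant ID from its separate, client-readable cookie (for SSR access).
 *
 * This is NOT the auth token, just tenant context. Because the cookie is
 * written with `httpOnly: false` and, like any cookie, is sent by the client,
 * treat the value as untrusted input: it is a hint for rendering, and any
 * tenant-scoped authorization must be derived server-side from the
 * authenticated session rather than from this value alone.
 *
 * @param event - the incoming h3 request event
 * @returns the tenant ID, or `null` when the cookie is absent or empty
 */
export function getTenantIdFromCookie(event: H3Event): string | null {
  return getCookie(event, TENANT_COOKIE_NAME) || null
}

/**
 * Write the tenant ID cookie. It is intentionally readable by client script
 * so the front end can pick up the tenant context.
 *
 * @param event - the incoming h3 request event
 * @param tenantId - the tenant identifier to expose to the client
 */
export function setTenantIdCookie(event: H3Event, tenantId: string): void {
  setCookie(event, TENANT_COOKIE_NAME, tenantId, {
    ...baseCookieOptions(event),
    httpOnly: false, // Allow client to read tenant context
  })
}

/**
 * Expire the tenant ID cookie; `path` matches the one used when setting it.
 *
 * @param event - the incoming h3 request event
 */
export function clearTenantIdCookie(event: H3Event): void {
  deleteCookie(event, TENANT_COOKIE_NAME, {
    path: '/',
  })
}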