import { WorkOS } from '@workos-inc/node';

function getWorkOS(): WorkOS {
  const apiKey = process.env.WORKOS_API_KEY || import.meta.env.WORKOS_API_KEY;
  if (!apiKey) {
    throw new Error('WORKOS_API_KEY is missing');
  }
  return new WorkOS(apiKey);
}

interface CreateUserResult {
  userId: string | null;
  error?: string;
}

export async function createOrGetWorkOSUser(email: string): Promise<CreateUserResult> {
  try {
    const workos = getWorkOS();

    const users = await workos.userManagement.listUsers({
      email,
      limit: 1,
    });

    if (users.data.length > 0) {
      return { userId: users.data[0].id };
    }

    const user = await workos.userManagement.createUser({
      email: email.toLowerCase(),
      emailVerified: false,
    });

    return { userId: user.id };
  } catch (error) {
    return {
      userId: null,
      error: error instanceof Error ? error.message : 'WorkOS: Failed to save email address',
    };
  }
}

export async function sendMagicAuthCode(
  email: string
): Promise<{ success: boolean; error?: string }> {
  try {
    const workos = getWorkOS();

    await workos.userManagement.sendMagicAuthCode({
      email: email.toLowerCase(),
    });

    return { success: true };
  } catch (error) {
    return {
      success: false,
      error: error instanceof Error ? error.message : 'WorkOS: Failed to send verification code',
    };
  }
}

export async function verifyMagicAuthCode(
  email: string,
  code: string
): Promise<{ success: boolean; userId?: string; error?: string }> {
  try {
    const workos = getWorkOS();
    const clientId = process.env.WORKOS_CLIENT_ID || import.meta.env.WORKOS_CLIENT_ID;

    if (!clientId) {
      throw new Error('WORKOS_CLIENT_ID is missing');
    }

    const result = await workos.userManagement.authenticateWithMagicAuth({
      email: email.toLowerCase(),
      code,
      clientId,
    });

    return { success: true, userId: result.user.id };
  } catch (error) {
    return {
      success: false,
      error: error instanceof Error ? error.message : 'WorkOS: Code is wrong or expired',
    };
  }
}

export async function deleteUserSubmission(
  userId: string,
  email: string
): Promise<{ success: boolean; error?: string }> {
  try {
    const workos = getWorkOS();

    const users = await workos.userManagement.listUsers({
      email,
      limit: 1,
    });

    if (users.data.length === 0 || users.data[0].id !== userId) {
      return {
        success: false,
        error: 'WorkOS: Email verification failed',
      };
    }

    return { success: true };
  } catch (error) {
    return {
      success: false,
      error: error instanceof Error ? error.message : 'WorkOS: Failed to validate user identity',
    };
  }
}