// Authentication composable for Authentik integration
export const useAuth = () => {
  const user = ref(null);
  const isAuthenticated = ref(false);
  const isLoading = ref(false);

  // Check if user is authenticated
  const checkAuth = async () => {
    isLoading.value = true;
    
    try {
      const response = await $fetch('/api/auth/validate');
      
      if (response.statusCode === 200) {
        user.value = response.user;
        isAuthenticated.value = true;
        return true;
      } else {
        user.value = null;
        isAuthenticated.value = false;
        return false;
      }
    } catch (error) {
      user.value = null;
      isAuthenticated.value = false;
      return false;
    } finally {
      isLoading.value = false;
    }
  };

  // Get current user info
  const getCurrentUser = async () => {
    try {
      const userData = await $fetch('/api/auth/me');
      user.value = userData;
      isAuthenticated.value = true;
      return userData;
    } catch (error) {
      user.value = null;
      isAuthenticated.value = false;
      throw error;
    }
  };

  // Login redirect
  const login = () => {
    return navigateTo('/api/auth/login', { external: true });
  };

  // Logout
  const logout = () => {
    user.value = null;
    isAuthenticated.value = false;
    return navigateTo('/api/auth/logout', { external: true });
  };

  // Require authentication (for route guards)
  const requireAuth = async () => {
    const isAuth = await checkAuth();
    if (!isAuth) {
      throw createError({
        statusCode: 401,
        statusMessage: 'Authentication required'
      });
    }
    return user.value;
  };

  return {
    user: readonly(user),
    isAuthenticated: readonly(isAuthenticated),
    isLoading: readonly(isLoading),
    checkAuth,
    getCurrentUser,
    login,
    logout,
    requireAuth
  };
};