// Authentik API utilities
export const authentikFetch = async (endpoint, options = {}) => {
  const config = useRuntimeConfig();
  const AUTHENTIK_BASE_URL = `${config.public.authentikUrl}/api/v3`;
  
  const defaultOptions = {
    headers: {
      'Content-Type': 'application/json',
      'Authorization': `Bearer ${config.authentik.apiToken}`
    }
  };

  try {
    // Log the request for debugging
    console.log(`Authentik API Request: ${AUTHENTIK_BASE_URL}${endpoint}`);
    
    const response = await $fetch(`${AUTHENTIK_BASE_URL}${endpoint}`, {
      ...defaultOptions,
      ...options,
      headers: {
        ...defaultOptions.headers,
        ...options.headers
      }
    });
    return response;
  } catch (error) {
    console.error(`Authentik API Error for ${endpoint}:`, error);
    throw createError({
      statusCode: error.response?.status || 500,
      message: error.message || 'Failed to communicate with Authentik API'
    });
  }
};

export const getAuthentikUser = async (userId) => {
  return await authentikFetch(`/core/users/${userId}/`);
};

export const getAuthentikGroups = async () => {
  return await authentikFetch('/core/groups/');
};

export const createAuthentikApplication = async (applicationData) => {
  return await authentikFetch('/core/applications/', {
    method: 'POST',
    body: applicationData
  });
};

export const createAuthentikProvider = async (providerData) => {
  return await authentikFetch('/providers/oauth2/', {
    method: 'POST',
    body: providerData
  });
};

export const linkProviderToApplication = async (applicationId, providerId) => {
  return await authentikFetch(`/core/applications/${applicationId}/`, {
    method: 'PATCH',
    body: {
      provider: providerId
    }
  });
};

// Add a utility function to verify tokens
export const verifyToken = async (token) => {
  return await authentikFetch('/core/tokens/verify/', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${token}`
    }
  });
};