/**
 * Auth Domain - Contract
 *
 * Canonical authentication types shared across applications.
 */

import type { IsoDateTimeString, Address } from "../common/types";

export type UserRole = "USER" | "ADMIN";

export interface UserProfile {
  id: string;
  email: string;
  firstName?: string;
  lastName?: string;
  company?: string;
  phone?: string;
  address?: Address;
  avatar?: string;
  preferences?: Record<string, unknown>;
  emailVerified: boolean;
  mfaEnabled: boolean;
  lastLoginAt?: IsoDateTimeString;
  createdAt?: IsoDateTimeString;
  updatedAt?: IsoDateTimeString;
}

export interface AuthenticatedUser extends UserProfile {
  role: UserRole;
}

export interface AuthTokens {
  accessToken: string;
  refreshToken: string;
  expiresAt: IsoDateTimeString;
  refreshExpiresAt: IsoDateTimeString;
  tokenType: "Bearer";
}

export interface AuthResponse {
  user: AuthenticatedUser;
  tokens: AuthTokens;
}

export interface LoginRequest {
  email: string;
  password: string;
  mfaCode?: string;
  rememberMe?: boolean;
}

export interface SignupRequest {
  email: string;
  password: string;
  firstName: string;
  lastName: string;
  phone?: string;
  company?: string;
  sfNumber: string;
  address?: Address;
  nationality?: string;
  dateOfBirth?: string;
  gender?: "male" | "female" | "other";
  acceptTerms: boolean;
  marketingConsent?: boolean;
}

export interface ForgotPasswordRequest {
  email: string;
}

export interface ResetPasswordRequest {
  token: string;
  password: string;
  confirmPassword?: string;
}

export interface ChangePasswordRequest {
  currentPassword: string;
  newPassword: string;
}

export interface LinkWhmcsRequest {
  email: string;
  password: string;
}

export interface SetPasswordRequest {
  email: string;
  password: string;
}

export interface ValidateSignupRequest {
  sfNumber: string;
}

export interface UpdateProfileRequest {
  firstName?: string;
  lastName?: string;
  company?: string;
  phone?: string;
  avatar?: string;
  nationality?: string;
  dateOfBirth?: string;
  gender?: "male" | "female" | "other";
}

export interface UpdateAddressRequest {
  address: Address;
}

export interface Activity {
  id: string;
  type: string;
  description: string;
  createdAt: IsoDateTimeString;
}

export interface AuthError {
  code:
    | "INVALID_CREDENTIALS"
    | "USER_NOT_FOUND"
    | "EMAIL_ALREADY_EXISTS"
    | "EMAIL_NOT_VERIFIED"
    | "INVALID_TOKEN"
    | "TOKEN_EXPIRED"
    | "ACCOUNT_LOCKED"
    | "RATE_LIMITED"
    | "NETWORK_ERROR";
  message: string;
  details?: Record<string, unknown>;
}