/**
 * Auth Domain - Contract
 *
 * Constants and types for the authentication domain.
 * All validated types are derived from schemas (see schema.ts).
 */

// ============================================================================
// Authentication Error Codes
// ============================================================================

export const AUTH_ERROR_CODE = {
  INVALID_CREDENTIALS: "INVALID_CREDENTIALS",
  EMAIL_NOT_VERIFIED: "EMAIL_NOT_VERIFIED",
  ACCOUNT_LOCKED: "ACCOUNT_LOCKED",
  MFA_REQUIRED: "MFA_REQUIRED",
  INVALID_TOKEN: "INVALID_TOKEN",
  TOKEN_EXPIRED: "TOKEN_EXPIRED",
  PASSWORD_TOO_WEAK: "PASSWORD_TOO_WEAK",
  EMAIL_ALREADY_EXISTS: "EMAIL_ALREADY_EXISTS",
  WHMCS_ACCOUNT_NOT_FOUND: "WHMCS_ACCOUNT_NOT_FOUND",
  SALESFORCE_ACCOUNT_NOT_FOUND: "SALESFORCE_ACCOUNT_NOT_FOUND",
  LINKING_FAILED: "LINKING_FAILED",
} as const;

export type AuthErrorCode = (typeof AUTH_ERROR_CODE)[keyof typeof AUTH_ERROR_CODE];

// ============================================================================
// Token Type Constants
// ============================================================================

export const TOKEN_TYPE = {
  BEARER: "Bearer",
} as const;

export type TokenTypeValue = (typeof TOKEN_TYPE)[keyof typeof TOKEN_TYPE];

// ============================================================================
// Gender Constants
// ============================================================================

export const GENDER = {
  MALE: "male",
  FEMALE: "female",
  OTHER: "other",
} as const;

export type GenderValue = (typeof GENDER)[keyof typeof GENDER];

// ============================================================================
// Security Configuration Constants
// ============================================================================

/**
 * Password reset token configuration
 * Single-use tokens tracked in Redis
 */
export const PASSWORD_RESET_CONFIG = {
  /** Time-to-live in seconds (15 minutes) */
  TTL_SECONDS: 900,
  /** Tokens can only be used once */
  SINGLE_USE: true,
} as const;

/**
 * OTP (One-Time Password) configuration
 * Used for email verification in get-started flow
 */
export const OTP_CONFIG = {
  /** Time-to-live in seconds (10 minutes) */
  TTL_SECONDS: 600,
  /** Maximum verification attempts before invalidation */
  MAX_ATTEMPTS: 3,
  /** Length of generated code */
  CODE_LENGTH: 6,
} as const;

// ============================================================================
// Re-export Types from Schema (Schema-First Approach)
// ============================================================================

export type {
  // Request types
  LoginRequest,
  SignupRequest,
  PasswordResetRequest,
  ResetPasswordRequest,
  SetPasswordRequest,
  ChangePasswordRequest,
  LinkWhmcsRequest,
  ValidateSignupRequest,
  UpdateCustomerProfileRequest,
  AccountStatusRequest,
  SsoLinkRequest,
  CheckPasswordNeededRequest,
  RefreshTokenRequest,
  // Token types
  AuthTokens,
  AuthSession,
  PasswordResetTokenPayload,
  // Response types
  AuthResponse,
  SignupResult,
  PasswordChangeResult,
  SsoLinkResponse,
  CheckPasswordNeededResponse,
  LinkWhmcsResponse,
  // Error types
  AuthError,
} from "./schema.js";