/**
 * Auth Domain - Contract
 *
 * Canonical authentication types shared across applications.
 * Most types are derived from schemas (see schema.ts).
 */

import type { IsoDateTimeString } from "../common/types";
import type { CustomerProfile } from "../customer/contract";

// ============================================================================
// User Role
// ============================================================================

export type UserRole = "USER" | "ADMIN";

// ============================================================================
// Authenticated User (Core Type)
// ============================================================================

/**
 * AuthenticatedUser - Complete user profile with authentication state
 * Extends CustomerProfile (from WHMCS) with auth-specific fields from portal DB
 * Follows WHMCS client field naming (firstname, lastname, etc.)
 */
export interface AuthenticatedUser extends CustomerProfile {
  role: UserRole;
  emailVerified: boolean;
  mfaEnabled: boolean;
  lastLoginAt?: IsoDateTimeString;
}

/**
 * User profile type alias
 */
export type UserProfile = AuthenticatedUser;

// ============================================================================
// Auth Error (Business Type)
// ============================================================================

export interface AuthError {
  code:
    | "INVALID_CREDENTIALS"
    | "USER_NOT_FOUND"
    | "EMAIL_ALREADY_EXISTS"
    | "EMAIL_NOT_VERIFIED"
    | "INVALID_TOKEN"
    | "TOKEN_EXPIRED"
    | "ACCOUNT_LOCKED"
    | "RATE_LIMITED"
    | "NETWORK_ERROR";
  message: string;
  details?: Record<string, unknown>;
}

// ============================================================================
// Re-export Types from Schema (Schema-First Approach)
// ============================================================================

export type {
  // Request types
  LoginRequest,
  SignupRequest,
  PasswordResetRequest,
  ResetPasswordRequest,
  SetPasswordRequest,
  ChangePasswordRequest,
  LinkWhmcsRequest,
  ValidateSignupRequest,
  UpdateCustomerProfileRequest,
  AccountStatusRequest,
  SsoLinkRequest,
  CheckPasswordNeededRequest,
  RefreshTokenRequest,
  // Response types
  AuthTokens,
  AuthResponse,
} from './schema';

// Re-export from customer for convenience
export type { Activity } from "../dashboard/contract";