import type { NextAuthConfig } from 'next-auth';

/**
 * Edge-safe portion of the Auth.js config for admin-web.
 * Imported by middleware — no Credentials provider, no Prisma.
 */
export const authConfig = {
  trustHost: true,
  session: { strategy: 'jwt' },
  pages: {
    signIn: '/login',
  },
  // Distinct cookie names prevent session collision with operator-pwa on localhost
  // (cookies are not isolated by port — only by name and domain).
  cookies: {
    sessionToken: { name: 'fieldops-admin.session-token' },
    callbackUrl:  { name: 'fieldops-admin.callback-url' },
    csrfToken:    { name: 'fieldops-admin.csrf-token' },
  },
  callbacks: {
    async jwt({ token, user }) {
      if (user) {
        // eslint-disable-next-line @typescript-eslint/no-explicit-any
        const u = user as any;
        token.id = u.id;
        token.role = u.role;
        token.tenantId = u.tenantId;
      }
      return token;
    },
    async session({ session, token }) {
      if (token && session.user) {
        // eslint-disable-next-line @typescript-eslint/no-explicit-any
        (session.user as any).id = token.id;
        // eslint-disable-next-line @typescript-eslint/no-explicit-any
        (session.user as any).role = token.role;
        // eslint-disable-next-line @typescript-eslint/no-explicit-any
        (session.user as any).tenantId = token.tenantId;
      }
      return session;
    },
  },
  providers: [],
} satisfies NextAuthConfig;