import type { NextAuthConfig } from 'next-auth';

/**
 * Edge-safe portion of the Auth.js config. The middleware imports THIS, never
 * the full `auth.ts` — Credentials providers and the Prisma client are not
 * edge-compatible, so they live exclusively in auth.ts which runs in the
 * Node.js runtime (route handlers).
 */
export const authConfig = {
  trustHost: true,
  session: { strategy: 'jwt' },
  pages: {
    // No login UI in this scaffold phase. See auth.ts for the placeholder.
  },
  callbacks: {
    async jwt({ token, user }) {
      if (user) {
        // user is the value returned from `authorize()` in the Credentials provider.
        // eslint-disable-next-line @typescript-eslint/no-explicit-any
        const u = user as any;
        token.id = u.id;
        token.role = u.role;
        token.tenantId = u.tenantId;
      }
      return token;
    },
    async session({ session, token }) {
      if (token && session.user) {
        // eslint-disable-next-line @typescript-eslint/no-explicit-any
        (session.user as any).id = token.id;
        // eslint-disable-next-line @typescript-eslint/no-explicit-any
        (session.user as any).role = token.role;
        // eslint-disable-next-line @typescript-eslint/no-explicit-any
        (session.user as any).tenantId = token.tenantId;
      }
      return session;
    },
  },
  providers: [],
} satisfies NextAuthConfig;