import type { APIRequestContext, BrowserContext } from '@playwright/test'

import { readFixtures } from './fixtures'

// Login helper for Playwright e2e tests.
//
// Uses the SPA-style Bearer-via-cookie flow (see
// api/.../Traits/SetAuthCookie.php): POST /api/v1/auth/login returns a
// `crewli_app_token` httpOnly cookie. Subsequent /api/v1/* requests in
// the same browser context carry it automatically because Playwright's
// request fixture inherits cookies from the BrowserContext.
//
// NOT sanctum-stateful (CSRF-cookie + X-XSRF-TOKEN). The custom
// CookieBearerToken middleware (api/bootstrap/app.php) reads the
// auth cookie directly.

export interface LoginResult {
  request: APIRequestContext
  userId: string
  organisationId: string
}

/**
 * Authenticates the e2e baseline user against a freshly-seeded
 * Laravel test server. Returns the request context (auth cookie set)
 * and the user/org IDs from the response.
 */
export async function loginAsBaselineUser(context: BrowserContext): Promise<LoginResult> {
  const fixtures = readFixtures()

  const response = await context.request.post('/api/v1/auth/login', {
    data: {
      email: fixtures.user_email,
      password: fixtures.user_password,
    },
    headers: { 'Content-Type': 'application/json' },
  })

  if (!response.ok()) {
    throw new Error(
      `Login failed: ${response.status()} — ${await response.text()}`,
    )
  }

  const body = await response.json() as {
    success: boolean
    data: {
      user: {
        id: string
        organisations: Array<{ id: string; role: string }>
      }
    }
  }

  return {
    request: context.request,
    userId: body.data.user.id,
    organisationId: body.data.user.organisations[0].id,
  }
}