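const DiscordStrategy = require('passport-discord').Strategy;
const db = require('../db');

const ADMIN_LOOKUP_SQL = 'SELECT discord_id FROM admin_whitelist WHERE discord_id = ?';

/**
 * Reports whether a Discord ID has a row in admin_whitelist.
 *
 * NOTE(review): assumes db.query resolves to the row array itself, which is
 * how deserializeUser below uses it (users[0].username). If ../db instead
 * returns a driver-style [rows, fields] pair, `.length > 0` would be true for
 * every user and everyone would be flagged admin. Confirm against ../db.
 *
 * @param {string} discordId - Discord user ID to look up.
 * @returns {Promise<boolean>} true when at least one whitelist row matches.
 */
async function isWhitelistedAdmin(discordId) {
  const rows = await db.query(ADMIN_LOOKUP_SQL, [discordId]);
  return rows.length > 0;
}

/**
 * Registers the Discord OAuth2 strategy and the session (de)serializers on
 * the given passport instance.
 *
 * @param {object} passport - The passport instance to configure.
 */
module.exports = (passport) => {
  passport.use(new DiscordStrategy({
    clientID: process.env.DISCORD_CLIENT_ID,
    clientSecret: process.env.DISCORD_CLIENT_SECRET,
    callbackURL: `${process.env.APP_URL}/auth/discord/callback`,
    scope: ['identify'],
    // Bind the authorization response to the browser session that started the
    // flow, so a callback carrying someone else's authorization code is
    // rejected (login CSRF). The state value is kept in the session, so the
    // session middleware must run before the /auth/discord routes.
    state: true,
  }, async (accessToken, refreshToken, profile, done) => {
    try {
      const avatar = profile.avatar
        ? `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.png`
        : null;

      // Upsert the user: stores username + avatar so deserializeUser can read
      // them back. All values are bound parameters, never interpolated.
      await db.query(
        `INSERT INTO users (discord_id, username, avatar) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE username=VALUES(username), avatar=VALUES(avatar)`,
        [profile.id, profile.username, avatar]
      );

      const isAdmin = await isWhitelistedAdmin(profile.id);

      return done(null, {
        id: profile.id,
        username: profile.username,
        avatar,
        isAdmin,
      });
    } catch (err) {
      return done(err, null);
    }
  }));

  // Only the Discord ID goes into the session, which keeps the cookie tiny.
  // The admin flag is deliberately not persisted there.
  passport.serializeUser((user, done) => done(null, user.id));

  // Reload everything from the DB on every request. The whitelist is queried
  // again here, so isAdmin reflects the table as of this request rather than
  // as of login.
  passport.deserializeUser(async (id, done) => {
    try {
      const users = await db.query(
        'SELECT discord_id, username, avatar FROM users WHERE discord_id = ?',
        [id]
      );
      // No matching user row: report "no user" rather than an error.
      if (!users.length) return done(null, false);

      const isAdmin = await isWhitelistedAdmin(id);

      done(null, {
        id,
        username: users[0].username,
        avatar: users[0].avatar,
        isAdmin,
      });
    } catch (e) {
      done(e, null);
    }
  });
};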