// API-Client für den Mitreden-Worker.
// Liest die Basis-URL aus window.MITREDEN_API (siehe config.js).

const Api = (() => {
  const base = () => (window.MITREDEN_API || '').replace(/\/+$/, '');
  const isConfigured = () => !!base();

  async function req(path, { method = 'GET', body, auth } = {}) {
    if (!isConfigured()) {
      const e = new Error('API noch nicht konfiguriert — bitte config.js ausfüllen.');
      e.code = 'NO_API';
      throw e;
    }
    const headers = { 'content-type': 'application/json' };
    if (auth) headers['Authorization'] = `Bearer ${auth}`;
    const resp = await fetch(`${base()}${path}`, {
      method,
      headers,
      body: body !== undefined ? JSON.stringify(body) : undefined,
    });
    const data = await resp.json().catch(() => ({}));
    if (!resp.ok) {
      const e = new Error(data?.error || `HTTP ${resp.status}`);
      e.status = resp.status;
      throw e;
    }
    return data;
  }

  // Token-Storage für Admin-Session (im localStorage, 12h gültig)
  const TOKEN_KEY = 'mitreden_admin_token';
  const getAdminToken = () => {
    try {
      const raw = localStorage.getItem(TOKEN_KEY);
      if (!raw) return null;
      const { token, exp } = JSON.parse(raw);
      if (!exp || Date.now() / 1000 > exp) {
        localStorage.removeItem(TOKEN_KEY);
        return null;
      }
      return token;
    } catch { return null; }
  };
  const setAdminToken = (token, expiresIn) => {
    const exp = Math.floor(Date.now() / 1000) + (expiresIn || 12 * 3600);
    localStorage.setItem(TOKEN_KEY, JSON.stringify({ token, exp }));
  };
  const clearAdminToken = () => localStorage.removeItem(TOKEN_KEY);

  return {
    isConfigured,
    base,

    // Public
    listMeetings: () => req('/api/meetings'),
    joinMeeting: (id) => req(`/api/meetings/${id}/join`, { method: 'POST' }),

    // Admin
    login: (user, pass) => req('/api/admin/login', { method: 'POST', body: { user, pass } }),
    getAdminToken,
    setAdminToken,
    clearAdminToken,
    isAdminAuthed: () => !!getAdminToken(),

    listAllMeetings: () => req('/api/admin/meetings', { auth: getAdminToken() }),
    createMeeting: (title, scheduledAt) =>
      req('/api/admin/meetings', { method: 'POST', body: { title, scheduledAt }, auth: getAdminToken() }),
    deleteMeeting: (id) =>
      req(`/api/admin/meetings/${id}`, { method: 'DELETE', auth: getAdminToken() }),
    startMeeting: (id) =>
      req(`/api/admin/meetings/${id}/start`, { method: 'POST', auth: getAdminToken() }),
    endMeeting: (id) =>
      req(`/api/admin/meetings/${id}/end`, { method: 'POST', auth: getAdminToken() }),
    moderateMeeting: (id) =>
      req(`/api/admin/meetings/${id}/moderate`, { method: 'POST', auth: getAdminToken() }),
    adHocMeeting: (title) =>
      req('/api/admin/ad-hoc', { method: 'POST', body: { title }, auth: getAdminToken() }),
    muteAll: (id) =>
      req(`/api/admin/meetings/${id}/mute-all`, { method: 'POST', auth: getAdminToken() }),
    changeTopic: (id, title) =>
      req(`/api/admin/meetings/${id}/topic`, { method: 'POST', body: { title }, auth: getAdminToken() }),
  };
})();

window.Api = Api;
