import React, { createContext, useContext, useState, ReactNode, useEffect } from 'react'; import { User, UserRole } from '../types'; // Mock Users Database const MOCK_USERS: User[] = [ { id: 'superadmin-1', name: 'Dev Admin', email: 'admin@photum.com', role: UserRole.SUPERADMIN, avatar: 'https://i.pravatar.cc/150?u=admin' }, { id: 'owner-1', name: 'PHOTUM CEO', email: 'empresa@photum.com', role: UserRole.BUSINESS_OWNER, avatar: 'https://i.pravatar.cc/150?u=ceo' }, { id: 'photographer-1', name: 'COLABORADOR PHOTUM', email: 'foto@photum.com', role: UserRole.PHOTOGRAPHER, avatar: 'https://i.pravatar.cc/150?u=photo' }, { id: 'client-1', name: 'PARCEIRO PHOTUM', email: 'cliente@photum.com', role: UserRole.EVENT_OWNER, avatar: 'https://i.pravatar.cc/150?u=client' } ]; interface AuthContextType { user: User | null; login: (email: string, password?: string) => Promise; logout: () => void; register: (data: { nome: string; email: string; senha: string; telefone: string; role: string; empresaId?: string }) => Promise<{ success: boolean; userId?: string; token?: string }>; availableUsers: User[]; // Helper for the login screen demo token: string | null; } const AuthContext = createContext(undefined); export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) => { const [user, setUser] = useState(null); const [token, setToken] = useState(localStorage.getItem("token")); useEffect(() => { const restoreSession = async () => { if (!token) return; try { const response = await fetch(`${import.meta.env.VITE_API_URL}/api/me`, { headers: { 'Authorization': `Bearer ${token}` } }); if (response.ok) { const data = await response.json(); const backendUser = data.user; const mappedUser: User = { id: backendUser.id, email: backendUser.email, name: backendUser.email.split('@')[0], role: backendUser.role as UserRole, ativo: backendUser.ativo, empresaId: backendUser.company_id || backendUser.empresa_id || backendUser.companyId, companyName: backendUser.company_name || backendUser.empresa_nome || backendUser.companyName, }; if (!backendUser.ativo) { console.warn("User is not active, logging out."); logout(); return; } setUser(mappedUser); } else { // Token invalid or expired logout(); } } catch (err) { console.error("Session restore error:", err); logout(); } }; if (!user && token) { restoreSession(); } }, [token]); // removed 'user' from dependency to avoid loop if user is set, though !user check handles it. safer to just depend on token mount. const getErrorMessage = (errorKey: string): string => { // Map backend error messages to Portuguese const errorMap: { [key: string]: string } = { "email already registered": "Este e-mail já está cadastrado.", "invalid credentials": "E-mail ou senha incorretos.", "user not found": "Usuário não encontrado.", "crypto/bcrypt: hashedPassword is not the hash of the given password": "Senha incorreta.", "password is too short": "A senha é muito curta.", "cpf already registered": "CPF já cadastrado.", }; // Check for partial matches or exact matches if (errorMap[errorKey]) return errorMap[errorKey]; // Fallbacks if (errorKey.includes('hashedPassword')) return "Senha incorreta."; if (errorKey.includes('email')) return "Erro relacionado ao e-mail."; if (errorKey.includes('password')) return "Erro relacionado à senha."; return "Ocorreu um erro inesperado. Tente novamente."; }; const login = async (email: string, password?: string) => { // 1. Try Real API first try { const response = await fetch(`${import.meta.env.VITE_API_URL}/auth/login`, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ email, senha: password }) }); if (!response.ok) { const errorData = await response.json().catch(() => ({})); throw new Error(getErrorMessage(errorData.error || 'Falha no login')); } const data = await response.json(); const backendUser = data.user; // Enforce active check if (!backendUser.ativo) { throw new Error("Cadastro pendente de aprovação."); } // Store token (optional, if you need it for other requests outside cookies) localStorage.setItem('token', data.access_token); setToken(data.access_token); // Map backend user to frontend User type const mappedUser: User = { id: backendUser.id, email: backendUser.email, name: backendUser.email.split('@')[0], // Fallback name or from profile if available role: backendUser.role as UserRole, ativo: backendUser.ativo, empresaId: backendUser.company_id || backendUser.empresa_id || backendUser.companyId, companyName: backendUser.company_name || backendUser.empresa_nome || backendUser.companyName, // ... propagate other fields if needed or fetch profile }; setUser(mappedUser); return true; } catch (err) { console.error('Login error:', err); // 2. Fallback to Demo/Mock users if API fails const mockUser = MOCK_USERS.find(u => u.email === email); if (mockUser) { console.log('Using demo user:', mockUser.email); await new Promise(resolve => setTimeout(resolve, 500)); // Simulate delay setUser({ ...mockUser, ativo: true }); return true; } throw err; } }; const logout = async () => { try { if (token) { await fetch(`${import.meta.env.VITE_API_URL}/auth/logout`, { method: 'POST', headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${token}` // Though refresh token is in cookie }, // body: JSON.stringify({ refresh_token: ... }) // If we had it in client state, but it is in cookie. }); } } catch (error) { console.error("Logout failed", error); } finally { localStorage.removeItem('token'); setToken(null); setUser(null); // Force redirect or let app router handle it safely window.location.href = '/'; } }; const register = async (data: { nome: string; email: string; senha: string; telefone: string; role: string; empresaId?: string }) => { try { // Destructure to separate empresaId from the rest const { empresaId, ...rest } = data; const payload = { ...rest, empresa_id: empresaId }; const response = await fetch(`${import.meta.env.VITE_API_URL}/auth/register`, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(payload) }); if (!response.ok) { const errorData = await response.json().catch(() => ({})); const rawError = errorData.error || 'Falha no cadastro'; throw new Error(getErrorMessage(rawError)); } const responseData = await response.json(); // IF user is returned (auto-login), logic: // Only set user/token if they are ACTIVE (which they won't be for standard clients/professionals) // This allows the "Pending Approval" modal to show instead of auto-redirecting. if (responseData.user && responseData.user.ativo) { if (responseData.access_token) { localStorage.setItem('token', responseData.access_token); setToken(responseData.access_token); } const backendUser = responseData.user; const mappedUser: User = { id: backendUser.id, email: backendUser.email, name: backendUser.nome || backendUser.email.split('@')[0], role: backendUser.role as UserRole, ativo: backendUser.ativo, empresaId: backendUser.company_id || backendUser.empresa_id || backendUser.companyId, companyName: backendUser.company_name || backendUser.empresa_nome || backendUser.companyName, }; setUser(mappedUser); } // If user is NOT active, we do NOT set the token/user state, preventing auto-login. return { success: true, userId: responseData.user?.id || responseData.userId, token: responseData.access_token }; } catch (err) { console.error('Registration error:', err); throw err; } }; return ( {children} ); }; export const useAuth = () => { const context = useContext(AuthContext); if (!context) throw new Error('useAuth must be used within an AuthProvider'); return context; };