import NextAuth from 'next-auth';
import { authConfig } from './auth.config';
import Credentials from 'next-auth/providers/credentials';
import { z } from 'zod';
import { getUserByEmail } from '@/lib/actions/user';
 
export const { handlers, auth, signIn, signOut } = NextAuth({
  ...authConfig,
  providers: [
    Credentials({
      async authorize(credentials) {
        const parsedCredentials = z
          .object({ email: z.string().email(), password: z.string().min(1) })
          .safeParse(credentials);

        if (parsedCredentials.success) {
          const { email, password } = parsedCredentials.data;
          
          const user = await getUserByEmail(email);
          if (!user || !user.password) return null;
          
          // WARNING: Storing passwords in plaintext is insecure.
          // This is for demonstration purposes only.
          // In a real application, you MUST hash and salt passwords.
          const passwordsMatch = password === user.password;

          if (passwordsMatch) {
            // The user object returned here will be encoded in the JWT.
            return { id: user.id, name: user.name, email: user.email };
          }
        }

        console.log('Invalid credentials');
        return null;
      },
    }),
  ]
});