import React, { useState, useEffect } from 'react';
import { HashRouter as Router, Routes, Route, Navigate, useLocation } from 'react-router-dom';
import { Layout } from './components/Layout';
import { Dashboard } from './pages/Dashboard';
import { UserDetail } from './pages/UserDetail';
import { AttendanceDetail } from './pages/AttendanceDetail';
import { SuperAdmin } from './pages/SuperAdmin';
import { ApiKeys } from './pages/ApiKeys';
import { TeamManagement } from './pages/TeamManagement';
import { Teams } from './pages/Teams';
import { Funnels } from './pages/Funnels';
import { Login } from './pages/Login';
import { ForgotPassword } from './pages/ForgotPassword';
import { ResetPassword } from './pages/ResetPassword';
import { SetupAccount } from './pages/SetupAccount';
import { UserProfile } from './pages/UserProfile';
import { getUserById, logout } from './services/dataService';
import { User } from './types';

const AuthGuard: React.FC<{ children: React.ReactNode, roles?: string[] }> = ({ children, roles }) => {
  const [user, setUser] = useState<User | null>(null);
  const [loading, setLoading] = useState(true);
  const location = useLocation();

  useEffect(() => {
    const checkAuth = async () => {
      const storedUserId = localStorage.getItem('ctms_user_id');
      const storedToken = localStorage.getItem('ctms_token');

      if (!storedUserId || !storedToken || storedToken === 'undefined' || storedToken === 'null') {
        if (storedToken) logout(); // Limpar se for "undefined" string
        setLoading(false);
        return;
      }

      try {
        const fetchedUser = await getUserById(storedUserId);
        if (fetchedUser) {
          if (fetchedUser.status === 'active') {
            setUser(fetchedUser);
          } else {
            // User explicitly marked inactive or deleted
            logout();
            setUser(null);
          }
        } else {
          // If fetchedUser is undefined but didn't throw, it usually means a 401/403/404 (invalid token or user missing).
          // However, to be safe against random failures, we should only clear if we are sure it's invalid.
          // For now, if the token is completely rejected, we log out.
          logout();
          setUser(null);
        }
      } catch (err) {
        console.error("Auth check failed (network/server error):", err);
        // DO NOT logout() here. If the server is offline or restarting, 
        // we shouldn't wipe the user's local storage tokens.
        // We just leave the user as null, which will redirect them to login,
        // but their tokens remain so they can auto-login when the server is back.
        setUser(null);
      } finally {
        setLoading(false);
      }
    };
    checkAuth();
  }, [location.pathname]);

  if (loading) {
    return <div className="flex h-screen items-center justify-center bg-zinc-50 dark:bg-zinc-950 text-zinc-400">Carregando...</div>;
  }

  if (!user) {
    return <Navigate to="/login" replace />;
  }

  if (roles && !roles.includes(user.role)) {
    return <Navigate to="/" replace />;
  }

  // Auto-redirect Super Admins away from the standard dashboard to their specific panel
  if (location.pathname === '/' && user.role === 'super_admin') {
    return <Navigate to="/super-admin" replace />;
  }

  return <Layout>{children}</Layout>;
};

const App: React.FC = () => {
  return (
    <Router>
      <Routes>
        <Route path="/login" element={<Login />} />
        <Route path="/forgot-password" element={<ForgotPassword />} />
        <Route path="/reset-password" element={<ResetPassword />} />
        <Route path="/setup-account" element={<SetupAccount />} />
        <Route path="/" element={<AuthGuard><Dashboard /></AuthGuard>} />
        <Route path="/admin/users" element={<AuthGuard roles={['super_admin', 'admin', 'manager']}><TeamManagement /></AuthGuard>} />
        <Route path="/admin/teams" element={<AuthGuard roles={['super_admin', 'admin', 'manager']}><Teams /></AuthGuard>} />
        <Route path="/admin/funnels" element={<AuthGuard roles={['super_admin', 'admin', 'manager']}><Funnels /></AuthGuard>} />
        <Route path="/users/:id" element={<AuthGuard><UserDetail /></AuthGuard>} />
        <Route path="/attendances/:id" element={<AuthGuard><AttendanceDetail /></AuthGuard>} />
        <Route path="/super-admin" element={<AuthGuard roles={['super_admin']}><SuperAdmin /></AuthGuard>} />
        <Route path="/super-admin/api-keys" element={<AuthGuard roles={['super_admin']}><ApiKeys /></AuthGuard>} />
        <Route path="/profile" element={<AuthGuard><UserProfile /></AuthGuard>} />
        <Route path="*" element={<Navigate to="/" replace />} />
      </Routes>
    </Router>
  );
};

export default App;