import { createAuthClient } from 'better-auth/vue'
import { jwtClient, organizationClient } from 'better-auth/client/plugins'
import {
  accessControl,
  adminRole,
  employeeRole,
  employerRole,
  ownerRole,
  ROLES,
  worksCouncilMemberRole
} from '~/server/utils/permissions'

export function useAuthClient() {
  const url = useRequestURL()
  const headers = import.meta.server ? useRequestHeaders() : undefined

  const client = createAuthClient({
    baseURL: url.origin,
    fetchOptions: {
      headers
    },
    user: {
      deleteUser: {
        enabled: true
      }
    },
    plugins: [
      organizationClient({
        // Pass the same access control instance and roles to client
        ac: accessControl,
        roles: {
          [ROLES.EMPLOYER]: employerRole,
          [ROLES.WORKS_COUNCIL_MEMBER]: worksCouncilMemberRole,
          [ROLES.EMPLOYEE]: employeeRole,
          [ROLES.ADMIN]: adminRole,
          [ROLES.OWNER]: ownerRole
        }
      }),
      jwtClient()
    ]
  })

  return {
    client
  }
}