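/**
 * AUTH HELPERS FOR MEDICONNECT
 *
 * ARCHITECTURE:
 * - Authentication = External Supabase (source of truth)
 * - Own Supabase = complementary data only (it does not issue the user's JWT)
 *
 * APPROACH:
 * - The caller's external JWT arrives in the `x-external-jwt` request header.
 * - validateExternalAuth() asks the EXTERNAL Supabase Auth service to verify
 *   that token; no local signature or claims parsing is done here.
 * - The own-Supabase client is built with the service-role key, which bypasses
 *   row-level security, so it is only handed out after the token is verified.
 */
import { createClient } from "https://esm.sh/@supabase/supabase-js@2";

/** Result of a successful authentication check. */
export interface AuthResult {
  // User record returned by the external Supabase Auth service.
  user: any;
  // Client for the external (source-of-truth) Supabase project.
  externalSupabase: any;
  // Service-role client for this project's complementary data.
  ownSupabase: any;
}

/**
 * Verifies the caller's external JWT and returns the Supabase clients.
 *
 * The previous version ignored `req` and returned a hard-coded
 * `{ id: "authenticated" }` user together with a service-role client, so any
 * request that reached the edge function was treated as authenticated.
 * The token is now verified against the external Supabase before the
 * service-role client is created.
 *
 * @param req Incoming request; the token is read from `x-external-jwt`.
 * @returns The verified user and both Supabase clients.
 * @throws Error when the token is missing or the external Supabase rejects it.
 *   The messages are generic because createAuthErrorResponse echoes
 *   `error.message` to the client.
 */
export async function validateExternalAuth(req: Request): Promise<AuthResult> {
  const jwt = getExternalJwt(req);
  if (!jwt) {
    throw new Error("Missing authentication token");
  }

  // External Supabase: source of truth for authentication and data.
  const externalSupabase = createClient(
    Deno.env.get("EXTERNAL_SUPABASE_URL")!,
    Deno.env.get("EXTERNAL_SUPABASE_ANON_KEY") ||
      Deno.env.get("EXTERNAL_SUPABASE_KEY")!
  );

  // Server-side verification: the external Auth service checks signature,
  // expiry and revocation, and returns the user the token belongs to.
  const { data, error } = await externalSupabase.auth.getUser(jwt);
  if (error || !data?.user) {
    throw new Error("Invalid or expired authentication token");
  }

  // Created only after verification succeeded: this client bypasses RLS,
  // so every query made with it must be scoped by the verified user id.
  const ownSupabase = createClient(
    Deno.env.get("SUPABASE_URL")!,
    Deno.env.get("SUPABASE_SERVICE_ROLE_KEY")!
  );

  return {
    user: data.user,
    externalSupabase,
    ownSupabase,
  };
}

/**
 * Builds a 401 JSON response for an authentication failure.
 *
 * `error.message` is sent to the client verbatim, so callers should pass only
 * errors whose message is safe to disclose (no stack traces, keys or internal
 * configuration details).
 *
 * @param error Error whose message is returned in the response body.
 * @param corsHeaders CORS headers to merge into the response headers.
 * @returns A Response with status 401 and a JSON body.
 */
export function createAuthErrorResponse(
  error: Error,
  corsHeaders: Record<string, string>
): Response {
  const body = JSON.stringify({
    success: false,
    error: error.message,
  });

  return new Response(body, {
    status: 401,
    headers: { ...corsHeaders, "Content-Type": "application/json" },
  });
}

/**
 * Reads the external JWT from the `x-external-jwt` request header.
 *
 * The value is returned as received and is NOT verified here; treat it as
 * untrusted input until validateExternalAuth() has accepted it.
 *
 * @param req Incoming request.
 * @returns The header value, or an empty string when the header is absent.
 */
export function getExternalJwt(req: Request): string {
  return req.headers.get("x-external-jwt") ?? "";
}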