// API client — when apiUrl is configured, all data ops go through fetch().
// Otherwise the store operates purely on localStorage (local prototype mode).

const TOKEN_KEY = 'merida.token';
const API_URL_KEY = 'merida.apiUrl';

function getToken(){ return localStorage.getItem(TOKEN_KEY) || ''; }
function setToken(t){ if(t) localStorage.setItem(TOKEN_KEY, t); else localStorage.removeItem(TOKEN_KEY); }

function getApiUrl(){
  return 'https://meetback.meridatechminds.com';
}
function setApiUrl(u){
  // No-op, URL is strictly bound to hostname:4000
}

async function request(method, path, body){
  const base = getApiUrl();
  if(!base) throw new Error('Not connected to backend');
  const headers = { 'Content-Type': 'application/json' };
  const token = getToken();
  if(token) headers['Authorization'] = `Bearer ${token}`;
  const res = await fetch(base + path, {
    method,
    headers,
    body: body ? JSON.stringify(body) : undefined,
  });
  const text = await res.text();
  let payload;
  try { payload = text ? JSON.parse(text) : {}; } catch(e){ payload = { raw: text }; }
  if(!res.ok){
    const err = new Error(payload?.error || `${res.status} ${res.statusText}`);
    err.status = res.status;
    err.payload = payload;
    throw err;
  }
  return payload;
}

const api = {
  // config
  getApiUrl, setApiUrl, getToken, setToken,
  isConnected: () => !!getApiUrl(),

  async ping(url){
    // Test a backend URL without saving it
    const base = url.replace(/\/+$/,'');
    const res = await fetch(base + '/api/health');
    if(!res.ok) throw new Error(`Backend responded ${res.status}`);
    return res.json();
  },

  // auth
  login: (email, password) => request('POST', '/api/auth/login', { email, password }),
  forgotPassword: (email) => request('POST', '/api/auth/forgot', { email }),
  resetPassword: (email, code, newPassword) => request('POST', '/api/auth/reset', { email, code, newPassword }),
  me:     () => request('GET', '/api/me'),

  // bootstrap — fetch everything once after login
  bootstrap: () => request('GET', '/api/bootstrap'),

  // users
  createUser:  (data) => request('POST',  '/api/users', data),
  updateUser:  (id, patch) => request('PATCH', `/api/users/${id}`, patch),
  deleteUser:  (id) => request('DELETE', `/api/users/${id}`),

  // courses
  createCourse: (data) => request('POST',  '/api/courses', data),
  updateCourse: (id, patch) => request('PATCH', `/api/courses/${id}`, patch),
  deleteCourse: (id) => request('DELETE', `/api/courses/${id}`),
  assignCourseStudents: (id, students) => request('PATCH', `/api/courses/${id}/students`, { students }),

  // classes
  createClass: (data) => request('POST',  '/api/classes', data),
  updateClass: (id, patch) => request('PATCH', `/api/classes/${id}`, patch),
  deleteClass: (id) => request('DELETE', `/api/classes/${id}`),

  // meetings
  createMeeting: (data) => request('POST',  '/api/meetings', data),
  updateMeeting: (id, patch) => request('PATCH', `/api/meetings/${id}`, patch),
  deleteMeeting: (id) => request('DELETE', `/api/meetings/${id}`),
};

window.api = api;