const Auth = (() => {
  let currentUser = null;

  function getToken() { return localStorage.getItem('token'); }
  function setToken(token) { localStorage.setItem('token', token); }
  function clearToken() { localStorage.removeItem('token'); }

  function getCurrentUser() { return currentUser; }
  function isLoggedIn() { return !!getToken(); }
  function isAdmin() { return currentUser?.isAdmin || false; }

  async function init() {
    if (!getToken()) return false;
    try {
      currentUser = await API.me();
      return true;
    } catch (e) {
      clearToken();
      return false;
    }
  }

  function logout() {
    clearToken();
    currentUser = null;
    window.location.reload();
  }

  function setupForms() {
    // Tab switching
    document.querySelectorAll('.auth-tab').forEach(btn => {
      btn.addEventListener('click', () => {
        document.querySelectorAll('.auth-tab').forEach(b => b.classList.remove('active'));
        btn.classList.add('active');
        const tab = btn.dataset.tab;
        document.getElementById('login-form').style.display = tab === 'login' ? 'flex' : 'none';
        document.getElementById('register-form').style.display = tab === 'register' ? 'flex' : 'none';
        document.getElementById('auth-error').style.display = 'none';
      });
    });

    document.getElementById('login-form').addEventListener('submit', async (e) => {
      e.preventDefault();
      const login = document.getElementById('login-username').value.trim();
      const password = document.getElementById('login-password').value;
      try {
        const res = await API.login(login, password);
        setToken(res.token);
        currentUser = res.user;
        window.location.reload();
      } catch (err) {
        showAuthError(err.message);
      }
    });

    document.getElementById('register-form').addEventListener('submit', async (e) => {
      e.preventDefault();
      const login = document.getElementById('reg-username').value.trim();
      const email = document.getElementById('reg-email').value.trim();
      const password = document.getElementById('reg-password').value;
      try {
        await API.register(login, email, password);
        showAuthError('Registration successful! You can now login (or wait for admin activation).', 'success');
      } catch (err) {
        showAuthError(err.message);
      }
    });
  }

  function showAuthError(msg, type = 'error') {
    const el = document.getElementById('auth-error');
    el.textContent = msg;
    el.className = type === 'success' ? 'success-msg' : 'error-msg';
    el.style.display = 'block';
  }

  return { init, logout, getCurrentUser, isLoggedIn, isAdmin, setupForms, getToken };
})();