import * as functions from 'firebase-functions';
import * as admin from 'firebase-admin';

/**
 * Firestore 트리거: users/{uid} 문서 변경 시 Custom Claims 동기화
 * users 문서의 role 필드가 변경되면 Firebase Auth Custom Claims를 업데이트
 */
export const syncCustomClaims = functions.firestore
  .document('users/{uid}')
  .onWrite(async (change, context) => {
    const uid = context.params.uid;

    if (!change.after.exists) {
      functions.logger.info(`User ${uid} deleted, clearing custom claims`);
      await admin.auth().setCustomUserClaims(uid, {});
      return;
    }

    const beforeData = change.before.exists ? change.before.data() : null;
    const afterData = change.after.data();

    if (!afterData) return;

    const beforeRole = beforeData?.role;
    const afterRole = afterData.role;

    if (beforeRole === afterRole) return;

    const validRoles = ['admin', 'reviewer', 'member', 'guest'];
    if (!validRoles.includes(afterRole)) {
      functions.logger.error(`Invalid role "${afterRole}" for user ${uid}`);
      return;
    }

    functions.logger.info(`Setting custom claims for ${uid}: role=${afterRole}`);
    await admin.auth().setCustomUserClaims(uid, { role: afterRole });
    functions.logger.info(`Custom claims updated for ${uid}: role=${afterRole}`);
  });