ultisuite-client/lib/api/auth-store.ts

"use client"

import { create } from "zustand"
import { persist } from "zustand/middleware"
import { debouncedPersistJSONStorage } from "@/lib/stores/debounced-json-storage"
import type { PlatformUser } from "@/lib/auth/jwt-claims"

const AUTH_STORAGE_KEY = "ulti-auth"
const LEGACY_AUTH_KEYS = ["ultimail-auth", "ultidrive-auth"] as const

export { AUTH_STORAGE_KEY, LEGACY_AUTH_KEYS }

function migrateLegacyAuthStorage() {
  if (typeof window === "undefined") return
  try {
    if (localStorage.getItem(AUTH_STORAGE_KEY)) return
    for (const legacy of LEGACY_AUTH_KEYS) {
      const raw = localStorage.getItem(legacy)
      if (raw) {
        localStorage.setItem(AUTH_STORAGE_KEY, raw)
        return
      }
    }
  } catch {
    /* private mode / quota */
  }
}

migrateLegacyAuthStorage()

interface AuthState {
  accessToken: string | null
  refreshToken: string | null
  expiresAt: number | null
  user: PlatformUser | null
  login: (
    accessToken: string,
    refreshToken: string,
    expiresAt: number,
    user?: PlatformUser | null
  ) => void
  logout: () => void
  isAuthenticated: () => boolean
}

export const useAuthStore = create<AuthState>()(
  persist(
    (set, get) => ({
      accessToken: null,
      refreshToken: null,
      expiresAt: null,
      user: null,
      login: (accessToken, refreshToken, expiresAt, user = null) =>
        set({ accessToken, refreshToken, expiresAt, user }),
      logout: () =>
        set({
          accessToken: null,
          refreshToken: null,
          expiresAt: null,
          user: null,
        }),
      isAuthenticated: () => {
        const { accessToken, expiresAt, refreshToken } = get()
        if (!accessToken) return false
        if (expiresAt && Date.now() < expiresAt) return true
        // Access token expired — session may still be renewed via refresh token.
        return Boolean(refreshToken)
      },
    }),
    {
      name: AUTH_STORAGE_KEY,
      storage: debouncedPersistJSONStorage,
      partialize: (state) => ({
        accessToken: state.accessToken,
        refreshToken: state.refreshToken,
        expiresAt: state.expiresAt,
        user: state.user,
      }),
    }
  )
)