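/**
 * Client-side session helper exposed as `window.Auth`.
 *
 * Persists the login token and the user record in localStorage and wraps the
 * `/auth/login`, `/auth/logout` and `/auth/me` calls made through the global `API`.
 *
 * Security notes:
 * - localStorage is readable by every script running on this origin, so any
 *   script injection (XSS) on the page can read the stored token.
 * - The stored user record can be edited by whoever controls the browser.
 *   `isAdmin` is therefore only suitable for deciding what the UI shows;
 *   NOTE(review): confirm every privileged endpoint checks the role server-side.
 */
window.Auth = (function () {
  'use strict';

  const KEY_TOKEN = 'aqcrm_token';
  const KEY_USER = 'aqcrm_user';

  // In-memory copy of the user record so localStorage is parsed at most once
  // per page load (until login state changes).
  let _user = null;

  /**
   * Return the cached user record, loading it from localStorage on first use.
   *
   * @returns {object|null} The user record, or null when nothing usable is stored.
   */
  function getUser() {
    if (!_user) {
      const raw = localStorage.getItem(KEY_USER);
      if (raw) {
        try {
          const parsed = JSON.parse(raw);
          // The stored value may have been corrupted or hand-edited; anything
          // that is not an object (e.g. a bare string or number) is discarded.
          _user = parsed && typeof parsed === 'object' ? parsed : null;
        } catch (e) {
          _user = null;
        }
      }
    }
    return _user;
  }

  return {
    /** @returns {string|null} The stored token, or null when none is stored. */
    getToken() {
      return localStorage.getItem(KEY_TOKEN);
    },

    getUser,

    /**
     * True only when the stored user record has `is_admin === true`.
     * Always a boolean; derived from client-side data, so it is a UI hint and
     * not an authorization decision.
     */
    get isAdmin() {
      const u = getUser();
      return Boolean(u) && u.is_admin === true;
    },

    /** True when a token is present in localStorage (its validity is not checked here). */
    get isLoggedIn() {
      return !!localStorage.getItem(KEY_TOKEN);
    },

    /**
     * Persist the token and user record and refresh the in-memory cache.
     *
     * @param {string} token - Token returned by the login endpoint.
     * @param {object} user - User record; `username` and `role` are logged.
     */
    saveLogin(token, user) {
      localStorage.setItem(KEY_TOKEN, token);
      localStorage.setItem(KEY_USER, JSON.stringify(user));
      _user = user;
      // Only the username and role are logged, never the token.
      Logger.info(`登录成功: ${user.username} (${user.role})`);
    },

    /** Remove the token and user record from localStorage and drop the cache. */
    clearLogin() {
      localStorage.removeItem(KEY_TOKEN);
      localStorage.removeItem(KEY_USER);
      _user = null;
      Logger.info('已登出');
    },

    /**
     * POST the credentials to `/auth/login` and store the session on success.
     *
     * @param {string} username
     * @param {string} password
     * @param {string} [dynamicCode] - Sent as `dynamic_code` only when truthy.
     * @returns {Promise<object>} The raw API response, returned unchanged.
     */
    async login(username, password, dynamicCode) {
      const body = { username, password };
      if (dynamicCode) body.dynamic_code = dynamicCode;
      const res = await API.post('/auth/login', body);
      // Require an actual token: localStorage stringifies its values, so a
      // missing token would be stored as the text "undefined" and make
      // isLoggedIn report true without a real session.
      if (res.code === 0 && res.data && res.data.token) {
        // NOTE(review): res.data is passed whole as the user record, so the
        // token it carries is also written under KEY_USER. Consider storing
        // the record without it once callers of getUser() are checked.
        this.saveLogin(res.data.token, res.data);
      }
      return res;
    },

    /**
     * Ask the server to log out, then clear local state regardless of the outcome.
     *
     * @returns {Promise<void>}
     */
    async logout() {
      try {
        await API.post('/auth/logout');
      } catch (e) {
        // Best effort: local credentials are cleared even when the request
        // fails. In that case the server may not have been told to end the
        // session, so the token could remain valid until it expires.
      }
      this.clearLogin();
    },

    /**
     * Refresh the user record from `/auth/me`, merging the response over the
     * stored record (response fields win).
     *
     * @returns {Promise<object>} The raw API response, returned unchanged.
     */
    async fetchMe() {
      const res = await API.get('/auth/me');
      if (res.code === 0 && res.data) {
        const merged = { ...getUser(), ...res.data };
        localStorage.setItem(KEY_USER, JSON.stringify(merged));
        _user = merged;
      }
      return res;
    },
  };
})();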