const TOKEN_KEY = 'wo_token';
const USER_KEY  = 'wo_user';

export function getToken() {
  return localStorage.getItem(TOKEN_KEY) || '';
}

export function setToken(token) {
  localStorage.setItem(TOKEN_KEY, token);
  try {
    const payload = JSON.parse(atob(token.split('.')[1]));
    localStorage.setItem(USER_KEY, JSON.stringify({
      id:          payload.uid,
      username:    payload.username,
      email:       payload.email,
      displayName: payload.name,
      role:        payload.role,
    }));
  } catch { /* ignore decode errors */ }
}

export function clearToken() {
  localStorage.removeItem(TOKEN_KEY);
  localStorage.removeItem(USER_KEY);
}

export function getUser() {
  const token = getToken();
  if (!token) return null;
  try {
    const payload = JSON.parse(atob(token.split('.')[1]));
    if (payload.exp && payload.exp * 1000 < Date.now()) {
      clearToken();
      return null;
    }
    const stored = localStorage.getItem(USER_KEY);
    return stored ? JSON.parse(stored) : null;
  } catch {
    return null;
  }
}

const ROLE_LEVEL = { admin: 4, dispatcher: 3, field_tech: 2, viewer: 1 };

export function hasRole(minRole) {
  const user = getUser();
  if (!user) return false;
  return (ROLE_LEVEL[user.role] || 0) >= (ROLE_LEVEL[minRole] || 0);
}