use erp_core::error::AppError;

/// Auth module error types
#[derive(Debug, thiserror::Error)]
pub enum AuthError {
    #[error("用户名或密码错误")]
    InvalidCredentials,

    #[error("Token 已过期")]
    TokenExpired,

    #[error("Token 已被吊销")]
    TokenRevoked,

    #[error("用户已被{0}")]
    UserDisabled(String),

    #[error("密码哈希错误")]
    HashError(String),

    #[error("JWT 错误: {0}")]
    JwtError(#[from] jsonwebtoken::errors::Error),

    #[error("{0}")]
    Validation(String),
}

impl From<AuthError> for AppError {
    fn from(err: AuthError) -> Self {
        match err {
            AuthError::InvalidCredentials => AppError::Unauthorized,
            AuthError::TokenExpired => AppError::Unauthorized,
            AuthError::TokenRevoked => AppError::Unauthorized,
            AuthError::UserDisabled(s) => AppError::Forbidden(s),
            AuthError::Validation(s) => AppError::Validation(s),
            AuthError::HashError(_) => AppError::Internal(err.to_string()),
            AuthError::JwtError(_) => AppError::Unauthorized,
        }
    }
}

pub type AuthResult<T> = Result<T, AuthError>;