;; Auth page components (device auth — account-specific)
;; Login and check-email components are shared: see shared/sx/templates/auth.sx

(defcomp ~auth/device-error (&key (error :as string))
  (when error
    (div :class "bg-red-50 border border-red-200 text-red-700 p-3 rounded mb-4"
      error)))

(defcomp ~auth/device-form (&key error (action :as string) (csrf-token :as string) (code :as string))
  (div :class "py-8 max-w-md mx-auto"
    (h1 :class "text-2xl font-bold mb-6" "Authorize device")
    (p :class "text-stone-600 mb-4" "Enter the code shown in your terminal to sign in.")
    error
    (form :method "post" :action action :class "space-y-4"
      (input :type "hidden" :name "csrf_token" :value csrf-token)
      (div
        (label :for "code" :class "block text-sm font-medium mb-1" "Device code")
        (input :type "text" :name "code" :id "code" :value code :placeholder "XXXX-XXXX"
          :required true :autofocus true :maxlength "9" :autocomplete "off" :spellcheck "false"
          :class "w-full border border-stone-300 rounded px-3 py-3 text-center text-2xl tracking-widest font-mono uppercase focus:outline-none focus:ring-2 focus:ring-stone-500"))
      (button :type "submit"
        :class "w-full bg-stone-800 text-white py-2 px-4 rounded hover:bg-stone-700 transition"
        "Authorize"))))

(defcomp ~auth/device-approved ()
  (div :class "py-8 max-w-md mx-auto text-center"
    (h1 :class "text-2xl font-bold mb-4" "Device authorized")
    (p :class "text-stone-600" "You can close this window and return to your terminal.")))

;; Assembled auth page content — replaces Python _login_page_content etc.

(defcomp ~auth/login-content (&key (error :as string?) (email :as string?))
  (~shared:auth/login-form
    :error (when error (~shared:auth/error-banner :error error))
    :action (url-for "auth.start_login")
    :csrf-token (csrf-token)
    :email (or email "")))

(defcomp ~auth/device-content (&key (error :as string?) (code :as string?))
  (~auth/device-form
    :error (when error (~auth/device-error :error error))
    :action (url-for "auth.device_submit")
    :csrf-token (csrf-token)
    :code (or code "")))

(defcomp ~auth/check-email-content (&key (email :as string?) (email-error :as string?))
  (~shared:auth/check-email
    :email (escape (or email ""))
    :error (when email-error
             (~shared:auth/check-email-error :error (escape email-error)))))