// Bridge between AuthContext (owner of the access token) and api-client
// (needs it on every request). AuthContext registers getters/setters here
// on mount; api-client reads them. Avoids circular imports + lets us
// de-duplicate concurrent 401 refreshes via a shared in-flight promise.

let getAccessToken = () => null
let runRefresh = async () => null
let onUnauthenticated = () => {}

let refreshInFlight = null

export const registerAuthBridge = ({ getAccessToken: g, runRefresh: r, onUnauthenticated: u }) => {
  getAccessToken = g
  runRefresh = r
  onUnauthenticated = u
}

export const readAccessToken = () => getAccessToken()

export const refreshAccessToken = async () => {
  if (!refreshInFlight) {
    refreshInFlight = (async () => {
      try {
        return await runRefresh()
      } finally {
        refreshInFlight = null
      }
    })()
  }
  return refreshInFlight
}

export const notifyUnauthenticated = () => onUnauthenticated()