baron-sso/userfront/lib/main.dart

import 'package:flutter/foundation.dart';
import 'package:flutter/material.dart';
import 'package:flutter_riverpod/flutter_riverpod.dart';
import 'package:flutter_dotenv/flutter_dotenv.dart';
import 'package:descope/descope.dart';
import 'package:go_router/go_router.dart';
import 'package:google_fonts/google_fonts.dart';
import 'package:flutter_web_plugins/url_strategy.dart';
import 'features/auth/presentation/login_screen.dart';
import 'features/auth/presentation/signup_screen.dart';
import 'features/auth/presentation/approve_qr_screen.dart';
import 'features/auth/presentation/qr_scan_screen.dart';
import 'features/auth/presentation/forgot_password_screen.dart';
import 'features/auth/presentation/reset_password_screen.dart';
import 'features/dashboard/presentation/dashboard_screen.dart';
import 'features/admin/presentation/user_management_screen.dart';
import 'features/profile/presentation/pages/profile_page.dart';
import 'features/profile/presentation/pages/edit_profile_page.dart';
import 'core/services/auth_proxy_service.dart';
import 'core/services/auth_token_store.dart';
import 'core/services/logger_service.dart';
import 'core/notifiers/auth_notifier.dart';
import 'package:logging/logging.dart';

final _log = Logger('Main');

void main() async {
  WidgetsFlutterBinding.ensureInitialized();
  usePathUrlStrategy();
  
  // 1. Global Error Handling
  FlutterError.onError = (details) {
    FlutterError.presentError(details);
    _log.severe("FLUTTER_ERROR", details.exception, details.stack);
    // Also send to backend if needed
    AuthProxyService.logError("FLUTTER_ERROR: ${details.exception}\n${details.stack}");
  };

  PlatformDispatcher.instance.onError = (error, stack) {
    _log.severe("PLATFORM_ERROR", error, stack);
    AuthProxyService.logError("PLATFORM_ERROR: $error\n$stack");
    return true;
  };

  // .env가 없더라도 초기화 상태를 보장하도록 optional 로딩
  try {
    await dotenv.load(fileName: ".env", isOptional: true);
  } catch (e) {
    _log.warning("Warning: .env file load failed: $e");
  }

  // 0. Initialize Logger
  LoggerService.init();

  // Initialize Descope (프로젝트 ID가 없으면 경고만 남기고 진행)
  final projectId = dotenv.maybeGet('DESCOPE_PROJECT_ID') ?? '';
  if (projectId.isEmpty || projectId == 'your-project-id') {
    _log.severe("DESCOPE_PROJECT_ID is missing. Descope may not work correctly.");
  }
  Descope.setup(projectId);

  // Load saved session if any
  try {
    // 저장된 세션 불러옴
    await Descope.sessionManager.loadSession();
  } catch (e) {
    _log.warning("Failed to load session: $e");
  }

  runApp(const ProviderScope(child: BaronSSOApp()));
}

// Router Configuration
final _routerLogger = Logger('Router');

final _router = GoRouter(
  initialLocation: '/',
  debugLogDiagnostics: true, // Enable diagnostic logs
  refreshListenable: AuthNotifier.instance,
  routes: [
    GoRoute(
      path: '/',
      builder: (context, state) {
        _routerLogger.info("Navigating to root (DashboardScreen)");
        return const DashboardScreen();
      },
    ),
    GoRoute(
      path: '/profile',
      builder: (context, state) => const ProfilePage(),
      routes: [
        GoRoute(
          path: 'edit',
          builder: (context, state) => const EditProfilePage(),
        ),
      ],
    ),
    GoRoute(
      path: '/signin', 
      builder: (context, state) {
        _routerLogger.info("Navigating to /signin");
        return const LoginScreen();
      }
    ),
    GoRoute(
      path: '/signup',
      builder: (context, state) {
        _routerLogger.info("Navigating to /signup");
        return const SignupScreen();
      },
    ),
    GoRoute(
      path: '/verify',
      builder: (context, state) {
        _routerLogger.info("Navigating to /verify (query)");
        return const LoginScreen();
      },
    ),
    GoRoute(
      path: '/verify/:token',
      builder: (context, state) {
        final token = state.pathParameters['token'];
        _routerLogger.info("Navigating to /verify with token: $token");
        return LoginScreen(verificationToken: token);
      },
    ),
    GoRoute(
      path: '/l/:shortCode',
      builder: (context, state) {
        final shortCode = state.pathParameters['shortCode'];
        _routerLogger.info("Navigating to /l with code: $shortCode");
        return const LoginScreen();
      },
    ),
    GoRoute(
      path: '/forgot-password',
      builder: (context, state) {
        _routerLogger.info("Navigating to /forgot-password");
        return const ForgotPasswordScreen();
      },
    ),
    GoRoute(
      // Supports both /reset-password and /reset-password?token=...
      path: '/reset-password',
      builder: (context, state) {
        // For deep linking, you might pass the token in the path, e.g., /reset-password/:token
        // final token = state.pathParameters['token']; 
        _routerLogger.info("Navigating to /reset-password");
        return const ResetPasswordScreen();
      },
    ),
    GoRoute(
      path: '/approve',
      builder: (context, state) {
        final ref = state.uri.queryParameters['ref'];
        _routerLogger.info("Navigating to /approve with ref: $ref");
        return ApproveQrScreen(pendingRef: ref);
      },
    ),
    GoRoute(
      path: '/ql/:ref',
      builder: (context, state) {
        final ref = state.pathParameters['ref'];
        _routerLogger.info("Navigating to /ql with ref: $ref");
        return ApproveQrScreen(pendingRef: ref);
      },
    ),
    GoRoute(
      path: '/scan',
      builder: (context, state) {
        _routerLogger.info("Navigating to /scan");
        return const QRScanScreen();
      },
    ),
    GoRoute(
      path: '/admin/users',
      builder: (context, state) {
        _routerLogger.info("Navigating to /admin/users");
        return const UserManagementScreen();
      },
    ),
  ],
  redirect: (context, state) {
    final hasDescopeSession =
        Descope.sessionManager.session?.refreshToken?.isExpired == false;
    final hasStoredToken = AuthTokenStore.getToken() != null;
    final hasCookieSession = AuthTokenStore.usesCookie();
    final isLoggedIn = hasDescopeSession || hasStoredToken || hasCookieSession;
    final path = state.uri.path;

    // Public paths that don't require login
    final isPublicPath = path == '/signin' || 
                         path == '/signup' ||
                         path == '/verify' ||
                         path.startsWith('/verify/') || 
                         path == '/approve' ||
                         path.startsWith('/ql/') ||
                         path == '/forgot-password' ||
                         path == '/reset-password';

    _routerLogger.fine("Redirect check - Path: $path, IsLoggedIn: $isLoggedIn");

    // 0. ALWAYS allow public paths to proceed so they can function
    if (isPublicPath) {
      return null;
    }

    // If not logged in and trying to access a protected page, redirect to /signin
    if (!isLoggedIn) {
      _routerLogger.info("Not logged in, redirecting to /signin");
      return '/signin';
    }

    // If logged in and trying to access login page, redirect to root (dashboard)
    // This is now implicitly handled by the isPublicPath check, but kept for clarity.
    // if (isLoggedIn && path == '/signin') {
    //   _routerLogger.info("Logged in, redirecting to /");
    //   return '/';
    // }

    return null;
  },
);

class BaronSSOApp extends StatelessWidget {
  const BaronSSOApp({super.key});

  @override
  Widget build(BuildContext context) {
    return MaterialApp.router(
      title: 'Baron SSO',
      theme: ThemeData(
        colorScheme: ColorScheme.fromSeed(
          seedColor: const Color(0xFF1A1F2C), // Dark Navy/Black base
          brightness: Brightness.light,
        ),
        useMaterial3: true,
        textTheme: GoogleFonts.interTextTheme(),
      ),
      routerConfig: _router,
    );
  }
}