# Configure the Google Cloud provider
provider "google" {
  project = var.project_id
  billing_project =  var.project_id
  region  = var.region 
  user_project_override = true
}

# Configure the google-beta provider for Firebase resources
provider "google-beta" {
  project = var.project_id
  billing_project =  var.project_id
  region  = var.region
  user_project_override = true
}

# Create a new Google Cloud Project
resource "google_project" "main_project" {
  name       = var.project_name
  project_id = var.project_id
  billing_account = var.billing_account

  # Enable deletion policy to allow project deletion
  deletion_policy = "DELETE"
}

# Enable required APIs for the project
resource "google_project_service" "project_services" {
  project = google_project.main_project.project_id
  service = "cloudresourcemanager.googleapis.com"

  # Wait for the project to be created before enabling services
  depends_on = [google_project.main_project]
}

# Enable required Firebase APIs
resource "google_project_service" "firebase_services" {
  project = google_project.main_project.project_id
  service = "firebase.googleapis.com"

  # Wait for the project to be created before enabling services
  depends_on = [google_project.main_project]
}

# Enable Firestore API (required for Firestore database)
resource "google_project_service" "firestore_service" {
  project = google_project.main_project.project_id
  service = "firestore.googleapis.com"

  # Wait for Firebase services to be enabled before enabling Firestore
  depends_on = [google_project_service.firebase_services]
}

resource "google_project_service" "auth_service" {
  project = google_project.main_project.project_id
  service = "identitytoolkit.googleapis.com"

  # Wait for Firebase services to be enabled before enabling Firestore
  depends_on = [google_project_service.firestore_service]
}


resource "google_firebase_project" "firebase_project" {
  provider = google-beta
  project  = google_project.main_project.project_id
}

# Create Firebase Web App
resource "google_firebase_web_app" "main_app" {
  provider     = google-beta
  # project      = "${google_project.main_project.name}"
  display_name = "Rothbard Law Group"

  # Wait for Firebase services to be enabled before creating app
  depends_on = [google_project_service.firebase_services]
}

# Create Firestore Database
resource "google_firestore_database" "main_firestore" {
  provider       = google-beta
  project        = google_project.main_project.project_id
  name           = "(default)"
  location_id    = var.region
  type           = "FIRESTORE_NATIVE"
  concurrency_mode = "OPTIMISTIC"

  # Wait for Firestore API to be enabled before creating database
  depends_on = [google_project_service.firestore_service]
}

# Configure Identity Platform for Firebase Authentication
resource "google_identity_platform_config" "main_config" {
  provider = google-beta
  project  = google_project.main_project.project_id
	multi_tenant {
           allow_tenants           = false
        }


  # Auto-deletes anonymous users
  autodelete_anonymous_users = true

  # Configures local sign-in methods, like anonymous, email/password, and phone authentication.
  sign_in {
    allow_duplicate_emails = true

    anonymous {
      enabled = true
    }

    email {
      enabled = true
      password_required = false
    }

    phone_number {
      enabled = true
      test_phone_numbers = {
        "+11231231234" = "000000"
      }
    }
  }

  # Sets an SMS region policy.
  sms_region_config {
    allowlist_only {
      allowed_regions = [
        "US",
        "CA",
      ]
    }
  }

  # Configures authorized domains.
  authorized_domains = [
    "localhost",
    "${google_project.main_project.project_id}.firebaseapp.com",
    "${google_project.main_project.project_id}.web.app",
  ]
  depends_on = [google_project_service.auth_service]
}

resource "google_firebaserules_ruleset" "primary" {
  source {
    files {
      content = <<EOF
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Allow read/write access to user's own settings
    match /users/{userId} {
      allow read, write: if request.auth != null && request.auth.uid == userId;
    }

    // Deny access to all other documents
    match /{document=**} {
      allow read, write: if false;
    }
  }
}

EOF
      name    = "firestore.rules"
    }
  }

  project = google_project.main_project.project_id
}
resource "google_firebaserules_release" "primary" {
  name         = "cloud.firestore"
  project      = google_project.main_project.project_id
  ruleset_name = "projects/${google_project.main_project.project_id}/rulesets/${google_firebaserules_ruleset.primary.name}"
}

# Output the project ID and name
output "project_id" {
  value = google_project.main_project.project_id
}

output "project_name" {
  value = google_project.main_project.name
}

output "firebase_app_id" {
  value = google_firebase_web_app.main_app.app_id
}

output "firestore_database_name" {
  value = google_firestore_database.main_firestore.name
}