import jwt from 'jsonwebtoken'
import type { JWTPayload } from '../modules/auth/types'

const JWT_SECRET = process.env.JWT_SECRET || 'sport-meeting-admin-secret-key-2026'
const ACCESS_TOKEN_EXPIRY = '7d'
const REFRESH_TOKEN_EXPIRY = '30d'

export function generateAccessToken(payload: Omit<JWTPayload, 'iat' | 'exp' | 'type'>): string {
  return jwt.sign({ ...payload, type: 'access' }, JWT_SECRET, { expiresIn: ACCESS_TOKEN_EXPIRY })
}

export function generateRefreshToken(payload: Omit<JWTPayload, 'iat' | 'exp' | 'type'>): string {
  return jwt.sign({ ...payload, type: 'refresh' }, JWT_SECRET, { expiresIn: REFRESH_TOKEN_EXPIRY })
}

export function verifyToken(token: string): JWTPayload | null {
  try {
    const decoded = jwt.verify(token, JWT_SECRET) as JWTPayload
    return decoded
  } catch {
    return null
  }
}

export function decodeToken(token: string): JWTPayload | null {
  try {
    return jwt.decode(token) as JWTPayload
  } catch {
    return null
  }
}

export function isAccessToken(token: JWTPayload): boolean {
  return token.type === 'access'
}

export function isRefreshToken(token: JWTPayload): boolean {
  return token.type === 'refresh'
}

export function getTokenExpiry(token: string): Date | null {
  const decoded = decodeToken(token)
  if (!decoded?.exp) return null
  return new Date(decoded.exp * 1000)
}