package crypto

import (
	"fmt"
	"time"

	"smoop-api/internal/dto"

	"github.com/golang-jwt/jwt/v5"
)

type JWTManager struct {
	secret []byte
}

func NewJWT(secret []byte) *JWTManager {
	return &JWTManager{secret: secret}
}

func (j *JWTManager) Generate(userID uint, username, role string) (string, error) {
	t := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
		"sub":  userID,
		"name": username,
		"role": role,
		"iat":  time.Now().Unix(),
		"exp":  time.Now().Add(24 * time.Hour).Unix(),
	})
	return t.SignedString(j.secret)
}

func (j *JWTManager) Parse(tok string) (*jwt.Token, error) {
	return jwt.Parse(tok, func(t *jwt.Token) (interface{}, error) { return j.secret, nil })
}

func (j *JWTManager) GenerateMediaToken(sub uint, act, path string, ttl time.Duration) (string, error) {
	now := time.Now()
	claims := dto.MediaClaims{
		Act:  act,
		Path: path,
		RegisteredClaims: jwt.RegisteredClaims{
			Subject:   fmt.Sprintf("%d", sub),
			IssuedAt:  jwt.NewNumericDate(now),
			ExpiresAt: jwt.NewNumericDate(now.Add(ttl)),
		},
	}
	t := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	return t.SignedString([]byte(j.secret))
}

// NEW: parse a media token into typed claims
func (j *JWTManager) ParseMedia(tokenStr string) (*dto.MediaClaims, error) {
	tok, err := jwt.ParseWithClaims(tokenStr, &dto.MediaClaims{}, func(t *jwt.Token) (interface{}, error) {
		return []byte(j.secret), nil
	})
	if err != nil {
		return nil, err
	}
	mc, ok := tok.Claims.(*dto.MediaClaims)
	if !ok || !tok.Valid {
		return nil, fmt.Errorf("invalid media token")
	}
	return mc, nil
}