package auth

import (
	"errors"
	"time"

	"common/utils"
	"github.com/golang-jwt/jwt/v5"
)

func GenerateToken(userID string) (string, error) {
	secret := utils.GetEnv("JWT_SECRET", "")
	if secret == "" {
		return "", errors.New("jwt_secret_missing")
	}
	ttlStr := utils.GetEnv("JWT_TTL", "24h")
	ttl, err := time.ParseDuration(ttlStr)
	if err != nil {
		return "", err
	}
	issuer := utils.GetEnv("JWT_ISSUER", "trading-assistant")
	now := time.Now()
	claims := jwt.RegisteredClaims{
		Subject:   userID,
		Issuer:    issuer,
		IssuedAt:  jwt.NewNumericDate(now),
		ExpiresAt: jwt.NewNumericDate(now.Add(ttl)),
	}
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	return token.SignedString([]byte(secret))
}

func ParseToken(tokenStr string) (string, error) {
	secret := utils.GetEnv("JWT_SECRET", "")
	if secret == "" {
		return "", errors.New("jwt_secret_missing")
	}
	var claims jwt.RegisteredClaims
	tkn, err := jwt.ParseWithClaims(tokenStr, &claims, func(token *jwt.Token) (interface{}, error) {
		return []byte(secret), nil
	})
	if err != nil {
		return "", err
	}
	if !tkn.Valid {
		return "", errors.New("token_invalid")
	}
	return claims.Subject, nil
}