const jwt = require('jsonwebtoken');
const crypto = require('crypto');

const tokenSettings = {
  access: { 
    expiresIn: '15m', 
    type: 'access', 
    secret: process.env.SECRET
  },
  refresh: { 
    expiresIn: '7d', 
    type: 'refresh', 
    secret: process.env.REFRESH_SECRET
  }
};

function generateTokenId() {
  return crypto.randomBytes(32).toString('hex');
}

function generateToken(payload, type) {
  const settings = tokenSettings[type];
  if (!settings) throw new Error(`Invalid token type: ${type}`);

  const tokenPayload = { ...payload, type: settings.type };

  return jwt.sign(tokenPayload, settings.secret, {
    expiresIn: settings.expiresIn,
    jwtid: generateTokenId()
  });
}

function verifyTokenType(token, type) {
  const settings = tokenSettings[type];
  try {
    const decoded = jwt.verify(token, settings.secret);
    if (decoded.type !== type) throw new Error('Invalid token type');
    return decoded;
  } catch (error) {
    if (error.name === 'TokenExpiredError') throw new Error(`${type} token has expired`);
    if (error.name === 'JsonWebTokenError') throw new Error(`Invalid ${type} token`);
    throw error;
  }
}

function generateAccessToken(payload) {
  return generateToken(payload, 'access');
}

function generateRefreshToken(payload) {
  return generateToken(payload, 'refresh');
}

function verifyToken(token) {
  return verifyTokenType(token, 'access');
}

function verifyRefreshToken(token) {
  return verifyTokenType(token, 'refresh');
}

function generateTokenPair(payload) {
  const accessToken = generateAccessToken(payload);
  const refreshToken = generateRefreshToken(payload);

  return {
    accessToken,
    refreshToken,
    tokenType: 'Bearer',
    expiresIn: 900,
    refreshExpiresIn: 604800
  };
}

module.exports = {
  generateAccessToken,
  generateRefreshToken,
  verifyToken,
  verifyRefreshToken,
  generateTokenPair,
};