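import jwt from 'jsonwebtoken';
import { privateKey } from '../../config/privateKeys.js';
import { makeResponse } from '../makeResponse/index.js';

const { sign, verify } = jwt;

// The original sign() calls passed no `algorithm`, so jsonwebtoken used its
// default, HS256. Signing and verification are both pinned to that value so a
// token whose header names any other algorithm is rejected.
const JWT_ALGORITHM = 'HS256';

/**
 * Issues an access/refresh token pair carrying `data`.
 *
 * The refresh token also records the `rememberMe` choice so that a later
 * refresh can reproduce the lifetime the session was created with.
 *
 * @param {*} data - Payload stored under the `data` claim of both tokens.
 * @param {boolean} rememberMe - Truthy: access token lives 365 days; otherwise 1 day.
 * @returns {Promise<{accessToken: string, refreshToken: string}>} The signed pair.
 * @throws {Error} If signing fails; the underlying error is attached as `cause`.
 */
export const generateToken = async (data, rememberMe) => {
  // NOTE(review): nothing in this file checks revocation, so a 365-day access
  // token stays valid for its whole lifetime unless TOKEN_SECRET is rotated.
  const accessTokenExpiresIn = rememberMe ? '365d' : '1d';
  const refreshTokenExpiresIn = '7d';

  try {
    const accessToken = sign({ data }, privateKey.TOKEN_SECRET, {
      algorithm: JWT_ALGORITHM,
      expiresIn: accessTokenExpiresIn,
    });
    const refreshToken = sign(
      { data, rememberMe: Boolean(rememberMe) },
      privateKey.REFRESH_TOKEN_SECRET,
      { algorithm: JWT_ALGORITHM, expiresIn: refreshTokenExpiresIn },
    );

    return { accessToken, refreshToken };
  } catch (error) {
    // Keep the original error reachable for callers and logs.
    throw new Error("Error generating tokens: " + error.message, { cause: error });
  }
};

/**
 * Verifies a token's signature and expiry with the secret for its type.
 *
 * @param {string} token - The JWT to check.
 * @param {string} [type='access'] - 'access' selects TOKEN_SECRET; any other
 *   value selects REFRESH_TOKEN_SECRET.
 * @returns {Promise<object>} The decoded payload.
 * @throws {Error} If verification fails; the jsonwebtoken error is attached as
 *   `cause`, which lets callers tell an expired token from a malformed one.
 */
export const verifyToken = async (token, type = 'access') => {
  try {
    // NOTE(review): the access/refresh separation relies on the two secrets
    // being different values; confirm in the key configuration.
    const secret = type === 'access'
      ? privateKey.TOKEN_SECRET
      : privateKey.REFRESH_TOKEN_SECRET;

    return verify(token, secret, { algorithms: [JWT_ALGORITHM] });
  } catch (error) {
    throw new Error("Token verification failed: " + error.message, { cause: error });
  }
};

/**
 * Request handler that exchanges a valid refresh token for a new token pair.
 *
 * Responds 403 when the refresh token is missing, invalid or expired, and 200
 * with `{ token, refreshToken }` on success.
 *
 * @param {object} req - Request; the refresh token is read from `req.body.refreshToken`.
 * @param {object} res - Response object handed to makeResponse.
 * @returns {Promise<*>} Whatever makeResponse returns.
 */
export const refreshAccessToken = async (req, res) => {
  // req.body is undefined when no body parser ran; treat that as a missing
  // token instead of letting the destructuring throw outside the try block.
  const { refreshToken } = req.body ?? {};

  if (!refreshToken) {
    return makeResponse(res, 403, false, 'Refresh Token is required');
  }

  try {
    const decoded = await verifyToken(refreshToken, 'refresh');

    // Reuse the rememberMe choice stored in the refresh token. Hard-coding
    // `true` here turned every 1-day session into a 365-day access token on
    // its first refresh. Tokens without the claim get the short lifetime.
    const { accessToken, refreshToken: newRefreshToken } = await generateToken(
      decoded.data,
      decoded.rememberMe === true,
    );

    // NOTE(review): the presented refresh token is not invalidated, so it
    // remains usable until its own expiry alongside the new one. Rotation
    // with reuse detection needs server-side state not visible in this file.
    return makeResponse(res, 200, true, 'New access and refresh token', {
      token: accessToken,
      refreshToken: newRefreshToken,
    });
  } catch (error) {
    console.error(error);
    return makeResponse(res, 403, false, 'Invalid or expired refresh token');
  }
};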