import {existsSync} from 'fs';
import {readFile, writeFile} from "node:fs/promises";
import {generateKeyPairSync, createHash, createPublicKey, createPrivateKey} from 'node:crypto';
import jwt from "jsonwebtoken";

let privateKey, publicKey, fingerprint;

export async function initJwt() {
    const secretPath = process.env.JWT_SECRET_PATH;
    if (!secretPath || !existsSync(secretPath)) {
        throw new Error('JWT secret path is not defined in environment variables, or the directory does not exist.');
    }

    console.log(`[JWT] Initializing JWT with secret path: ${secretPath}`);

    const privateKeyPath = `${secretPath}/jwt.key`;
    const publicKeyPath = `${secretPath}/jwt.key.pub`;

    if (!existsSync(privateKeyPath)) {
        console.log("[JWT] Generating new keypair");
        const keyPair = generateKeyPairSync("ec", {
            namedCurve: "secp521r1",
        });

        privateKey = keyPair.privateKey;
        publicKey = keyPair.publicKey;

        await Promise.all([
            writeFile(
                privateKeyPath,
                privateKey.export({format: "pem", type: "sec1"}),
            ),
            writeFile(
                publicKeyPath,
                publicKey.export({format: "pem", type: "spki"}),
            ),
        ]);
        console.log("[JWT] Keypair generated successfully.");
    } else {
        console.log("[JWT] Using existing keypair");
        const loadedPrivateKey = await readFile(privateKeyPath, 'utf8');
        const loadedPublicKey = await readFile(publicKeyPath, 'utf8');

        privateKey = createPrivateKey(loadedPrivateKey);
        publicKey = createPublicKey(loadedPublicKey);
    }

    fingerprint = createHash("sha256")
        .update(publicKey.export({format: "pem", type: "spki"}))
        .digest("hex");
}

/**
 * @type {import('jsonwebtoken').JwtOptions}
 */
const jwtOptions = {
    algorithm: 'ES512',
}

export async function generateJwtToken(user) {
    if (!privateKey) {
        throw new Error('JWT private key is not initialized. Please call initJwt() first.');
    }

    const payload = {
        sub: user._id.toString(),
        username: user.username,
        type: user.type,
        iat: Math.floor(Date.now() / 1000)
    };

    return new Promise((resolve, reject) => {
        jwt.sign(payload, privateKey, jwtOptions, (err, token) => {
            if (err) {
                console.error('[JWT] Error generating token:', err);
                return reject(err);
            }
            resolve(token);
        });
    });
}

export async function validateJwtToken(token) {
    if (!publicKey) {
        throw new Error('JWT public key is not initialized. Please call initJwt() first.');
    }

    return new Promise((resolve, reject) => {
        jwt.verify(token, publicKey, jwtOptions, (err, decoded) => {
            if (err) {
                console.error('[JWT] Token validation failed:', err);
                return reject(err);
            }
            resolve(decoded);
        });
    });
}