import * as jwt from "jsonwebtoken"
import { EV } from "./env.values"

export interface JwtPayload {
  user_id: number
  role_id: number // NOT NULL
  company_id?: number | null // Nullable
  employee_id?: number | null // Nullable
  iat?: number // Auto added by jwt
  exp?: number // Auto added by jwt
}

export const generateJwtToken = (
  payload: JwtPayload,
  isRefreshToken: boolean = false,
) => {
  return jwt.sign(payload, EV["JWT_SECRET"], {
    expiresIn: isRefreshToken ? EV["JWT_REFRESH_EXPIRE"] : EV["JWT_EXPIRE"],
  } as jwt.SignOptions)
}

export const verifyJwtToken = (token: string) => {
  try {
    return jwt.verify(token, EV["JWT_SECRET"]) as JwtPayload
  } catch (error: any) {
    // If token is expired, throw specific error for auth middleware to catch
    if (error.name === "TokenExpiredError") {
      throw error
    }
    // For other JWT errors (invalid signature, malformed token, etc.), return null
    return null
  }
}