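import cookieParser from 'cookie-parser'
import { config } from '../config.js'

// Browser-side lifetime of the session cookie: 7 days, in milliseconds.
// NOTE(review): maxAge is enforced only by the browser. The signed payload
// carries no issued-at or expiry value, so a copied cookie keeps verifying on
// the server until config.sessionSecret is rotated. Consider embedding a
// timestamp in the payload and checking it in requireSession.
const SESSION_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1000

/**
 * Attributes shared by setting and clearing the session cookie.
 *
 * Both paths use the same attribute set so that the clearing Set-Cookie
 * header targets the cookie that was issued.
 *
 * @returns {{httpOnly: boolean, secure: boolean, sameSite: string, signed: boolean}}
 */
function sessionCookieOptions() {
  return {
    // Not readable from page scripts.
    httpOnly: true,
    // Secure is set only when NODE_ENV is exactly 'production'; a deployment
    // that leaves NODE_ENV unset issues the cookie without the Secure flag.
    secure: process.env.NODE_ENV === 'production',
    // 'lax' still sends the cookie on top-level cross-site GET navigations,
    // so state-changing routes should not be reachable via GET.
    sameSite: 'lax',
    // Signed with the secret passed to cookieParser; tampering is detected,
    // but the value itself is not encrypted.
    signed: true,
  }
}

/**
 * Builds the cookie-parser middleware that verifies signed cookies.
 *
 * @returns {Function} Express middleware configured with config.sessionSecret.
 */
export function sessionMiddleware() {
  return cookieParser(config.sessionSecret)
}

/**
 * Stores the session payload in a signed cookie on the response.
 *
 * The payload is serialized as JSON and signed, not encrypted: the client can
 * read it, so `data` must not contain secrets.
 *
 * @param {object} res - Express response.
 * @param {object} data - Session payload; requireSession expects
 *   `customerId` and `appwriteUserId` to be present.
 */
export function setPortalSession(res, data) {
  res.cookie(config.cookieName, JSON.stringify(data), {
    ...sessionCookieOptions(),
    maxAge: SESSION_MAX_AGE_MS,
  })
}

/**
 * Removes the session cookie from the client.
 *
 * This only instructs the browser to drop the cookie; nothing in this module
 * invalidates a previously issued value on the server side.
 *
 * @param {object} res - Express response.
 */
export function clearPortalSession(res) {
  res.clearCookie(config.cookieName, sessionCookieOptions())
}

/**
 * Express middleware that rejects requests without a valid session cookie.
 *
 * On success the parsed session is attached as `req.session` and the next
 * handler runs. Otherwise the request ends with HTTP 401.
 *
 * @param {object} req - Express request; `signedCookies` is read from it.
 * @param {object} res - Express response.
 * @param {Function} next - Continues the middleware chain.
 */
export function requireSession(req, res, next) {
  // Only the signed cookie store is consulted, so an unsigned cookie with the
  // same name is never accepted as a session.
  const raw = req.signedCookies?.[config.cookieName]
  if (!raw) {
    return res.status(401).json({ error: 'Nicht angemeldet' })
  }

  let session
  try {
    session = JSON.parse(raw)
  } catch {
    return res.status(401).json({ error: 'Ungültige Session' })
  }

  // JSON.parse can yield null or a primitive; require an object that carries
  // both identifiers before trusting it.
  const isObject = session !== null && typeof session === 'object'
  if (!isObject || !session.customerId || !session.appwriteUserId) {
    return res.status(401).json({ error: 'Ungültige Session' })
  }

  req.session = session
  // Called outside the try block so that an exception raised further down the
  // chain is not reported to the client as an invalid session.
  next()
}

/**
 * Returns the customer ID of the authenticated session, if any.
 *
 * @param {object} req - Express request, after requireSession has run.
 * @returns {*} `req.session.customerId`, or undefined when no session is set.
 */
export function getSessionCustomerId(req) {
  return req.session?.customerId
}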