package libshared

import (
	"crypto/rsa"
	"log"
	"os"
	"time"

	"github.com/golang-jwt/jwt/v5"
)

func LoadPrivateKey(path string) (*rsa.PrivateKey, error) {
	keyData, err := os.ReadFile(path)
	if err != nil {
		log.Fatal("Error reading private key file:", err)
		return nil, err
	}

	privateKey, err := jwt.ParseRSAPrivateKeyFromPEM(keyData)
	if err != nil {
		log.Fatal("Error parsing private key:", err)
		return nil, err
	}

	return privateKey, nil

}

func LoadPublicKey(path string) (*rsa.PublicKey, error) {
	keyData, err := os.ReadFile(path)
	if err != nil {
		log.Fatal("Error reading public key file:", err)
		return nil, err
	}

	publicKey, err := jwt.ParseRSAPublicKeyFromPEM(keyData)
	if err != nil {
		log.Fatal("Error parsing public key:", err)
		return nil, err
	}

	return publicKey, nil

}

// CreateJWT generates a signed JWT
func CreateJWT(privateKey *rsa.PrivateKey, account string, user string, purpose string) (string, error) {
	now := time.Now()

	claims := jwt.MapClaims{
		"sub":     user,                      // subject (user id)
		"exp":     now.Add(time.Hour).Unix(), // expiration
		"iat":     now.Unix(),                // issued at
		"purpose": purpose,
		"account": account,
	}

	token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)

	signedToken, err := token.SignedString(privateKey)
	if err != nil {
		log.Println("Error signing token:", err)
		return "", err
	}

	return signedToken, err
}